Search for vulnerabilities
Vulnerability details: VCID-5xb4-3mvj-aaas
Vulnerability ID VCID-5xb4-3mvj-aaas
Aliases CVE-2017-13090
Summary The retr.c:fd_read_body() function is called when processing OK responses. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then tries to read the chunk in pieces of 8192 bytes by using the MIN() macro, but ends up passing the negative chunk length to retr.c:fd_read(). As fd_read() takes an int argument, the high 32 bits of the chunk length are discarded, leaving fd_read() with a completely attacker controlled length argument. The attacker can corrupt malloc metadata after the allocated buffer.
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-122 Heap-based Buffer Overflow
System Score Found at
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13090.html
rhas Important https://access.redhat.com/errata/RHSA-2017:3075
cvssv3 7.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-13090.json
epss 0.02088 https://api.first.org/data/v1/epss?cve=CVE-2017-13090
epss 0.02088 https://api.first.org/data/v1/epss?cve=CVE-2017-13090
epss 0.02198 https://api.first.org/data/v1/epss?cve=CVE-2017-13090
epss 0.02198 https://api.first.org/data/v1/epss?cve=CVE-2017-13090
epss 0.02198 https://api.first.org/data/v1/epss?cve=CVE-2017-13090
epss 0.02198 https://api.first.org/data/v1/epss?cve=CVE-2017-13090
epss 0.02198 https://api.first.org/data/v1/epss?cve=CVE-2017-13090
epss 0.02198 https://api.first.org/data/v1/epss?cve=CVE-2017-13090
epss 0.08667 https://api.first.org/data/v1/epss?cve=CVE-2017-13090
epss 0.08667 https://api.first.org/data/v1/epss?cve=CVE-2017-13090
epss 0.08667 https://api.first.org/data/v1/epss?cve=CVE-2017-13090
epss 0.08667 https://api.first.org/data/v1/epss?cve=CVE-2017-13090
epss 0.08667 https://api.first.org/data/v1/epss?cve=CVE-2017-13090
epss 0.08667 https://api.first.org/data/v1/epss?cve=CVE-2017-13090
epss 0.08667 https://api.first.org/data/v1/epss?cve=CVE-2017-13090
epss 0.08667 https://api.first.org/data/v1/epss?cve=CVE-2017-13090
epss 0.08667 https://api.first.org/data/v1/epss?cve=CVE-2017-13090
epss 0.08667 https://api.first.org/data/v1/epss?cve=CVE-2017-13090
epss 0.08667 https://api.first.org/data/v1/epss?cve=CVE-2017-13090
epss 0.08667 https://api.first.org/data/v1/epss?cve=CVE-2017-13090
epss 0.09081 https://api.first.org/data/v1/epss?cve=CVE-2017-13090
epss 0.09081 https://api.first.org/data/v1/epss?cve=CVE-2017-13090
epss 0.09081 https://api.first.org/data/v1/epss?cve=CVE-2017-13090
epss 0.09081 https://api.first.org/data/v1/epss?cve=CVE-2017-13090
epss 0.09081 https://api.first.org/data/v1/epss?cve=CVE-2017-13090
epss 0.09081 https://api.first.org/data/v1/epss?cve=CVE-2017-13090
epss 0.09081 https://api.first.org/data/v1/epss?cve=CVE-2017-13090
epss 0.09081 https://api.first.org/data/v1/epss?cve=CVE-2017-13090
epss 0.09081 https://api.first.org/data/v1/epss?cve=CVE-2017-13090
epss 0.09081 https://api.first.org/data/v1/epss?cve=CVE-2017-13090
epss 0.09081 https://api.first.org/data/v1/epss?cve=CVE-2017-13090
epss 0.09081 https://api.first.org/data/v1/epss?cve=CVE-2017-13090
epss 0.09081 https://api.first.org/data/v1/epss?cve=CVE-2017-13090
epss 0.09081 https://api.first.org/data/v1/epss?cve=CVE-2017-13090
epss 0.09081 https://api.first.org/data/v1/epss?cve=CVE-2017-13090
epss 0.09081 https://api.first.org/data/v1/epss?cve=CVE-2017-13090
epss 0.09081 https://api.first.org/data/v1/epss?cve=CVE-2017-13090
epss 0.09081 https://api.first.org/data/v1/epss?cve=CVE-2017-13090
epss 0.09081 https://api.first.org/data/v1/epss?cve=CVE-2017-13090
epss 0.09081 https://api.first.org/data/v1/epss?cve=CVE-2017-13090
epss 0.09081 https://api.first.org/data/v1/epss?cve=CVE-2017-13090
epss 0.09081 https://api.first.org/data/v1/epss?cve=CVE-2017-13090
epss 0.09081 https://api.first.org/data/v1/epss?cve=CVE-2017-13090
epss 0.09081 https://api.first.org/data/v1/epss?cve=CVE-2017-13090
epss 0.09081 https://api.first.org/data/v1/epss?cve=CVE-2017-13090
epss 0.09081 https://api.first.org/data/v1/epss?cve=CVE-2017-13090
epss 0.09081 https://api.first.org/data/v1/epss?cve=CVE-2017-13090
epss 0.09081 https://api.first.org/data/v1/epss?cve=CVE-2017-13090
epss 0.15359 https://api.first.org/data/v1/epss?cve=CVE-2017-13090
epss 0.18865 https://api.first.org/data/v1/epss?cve=CVE-2017-13090
epss 0.18865 https://api.first.org/data/v1/epss?cve=CVE-2017-13090
epss 0.18865 https://api.first.org/data/v1/epss?cve=CVE-2017-13090
epss 0.39880 https://api.first.org/data/v1/epss?cve=CVE-2017-13090
epss 0.39880 https://api.first.org/data/v1/epss?cve=CVE-2017-13090
epss 0.39880 https://api.first.org/data/v1/epss?cve=CVE-2017-13090
epss 0.39880 https://api.first.org/data/v1/epss?cve=CVE-2017-13090
epss 0.39880 https://api.first.org/data/v1/epss?cve=CVE-2017-13090
epss 0.39880 https://api.first.org/data/v1/epss?cve=CVE-2017-13090
epss 0.39880 https://api.first.org/data/v1/epss?cve=CVE-2017-13090
epss 0.39880 https://api.first.org/data/v1/epss?cve=CVE-2017-13090
epss 0.39880 https://api.first.org/data/v1/epss?cve=CVE-2017-13090
rhbs high https://bugzilla.redhat.com/show_bug.cgi?id=1505445
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13089
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13090
cvssv2 9.3 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3 8.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv2 9.3 https://nvd.nist.gov/vuln/detail/CVE-2017-13090
cvssv3 8.8 https://nvd.nist.gov/vuln/detail/CVE-2017-13090
archlinux Critical https://security.archlinux.org/AVG-473
generic_textual Low https://ubuntu.com/security/notices/USN-3464-1
generic_textual Low https://ubuntu.com/security/notices/USN-3464-2
generic_textual Medium https://www.viestintavirasto.fi/en/cybersecurity/vulnerabilities/2017/haavoittuvuus-2017-037.html
Reference id Reference type URL
http://git.savannah.gnu.org/cgit/wget.git/commit/?id=ba6b44f6745b14dce414761a8e4b35d31b176bba
http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13090.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-13090.json
https://api.first.org/data/v1/epss?cve=CVE-2017-13090
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13089
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13090
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://security.gentoo.org/glsa/201711-06
https://ubuntu.com/security/notices/USN-3464-1
https://ubuntu.com/security/notices/USN-3464-2
https://www.synology.com/support/security/Synology_SA_17_62_Wget
https://www.viestintavirasto.fi/en/cybersecurity/vulnerabilities/2017/haavoittuvuus-2017-037.html
http://www.debian.org/security/2017/dsa-4008
http://www.securityfocus.com/bid/101590
http://www.securitytracker.com/id/1039661
1505445 https://bugzilla.redhat.com/show_bug.cgi?id=1505445
879957 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879957
ASA-201710-34 https://security.archlinux.org/ASA-201710-34
AVG-473 https://security.archlinux.org/AVG-473
cpe:2.3:a:gnu:wget:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:wget:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
CVE-2017-13090 https://nvd.nist.gov/vuln/detail/CVE-2017-13090
RHSA-2017:3075 https://access.redhat.com/errata/RHSA-2017:3075
USN-3464-1 https://usn.ubuntu.com/3464-1/
USN-3464-2 https://usn.ubuntu.com/3464-2/
No exploits are available.
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-13090.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2017-13090
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2017-13090
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.83202
EPSS Score 0.02088
Published At June 1, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.