Search for vulnerabilities
Vulnerability details: VCID-jgy2-zfn9-zufe
Vulnerability ID VCID-jgy2-zfn9-zufe
Aliases CVE-2024-38428
Summary url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent.
Status Published
Exploitability 0.5
Weighted Severity 8.2
Risk 4.1
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-115 Misinterpretation of Input
CWE-436 Interpretation Conflict
System Score Found at
cvssv3 5.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38428.json
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00149 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00149 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00149 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00149 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00149 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00149 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00149 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00149 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
cvssv3.1 6.2 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 9.1 https://git.savannah.gnu.org/cgit/wget.git/commit/?id=ed0c7c7e0e8f7298352646b2fd6e06a11e242ace
ssvc Track https://git.savannah.gnu.org/cgit/wget.git/commit/?id=ed0c7c7e0e8f7298352646b2fd6e06a11e242ace
cvssv3.1 9.1 https://lists.gnu.org/archive/html/bug-wget/2024-06/msg00005.html
ssvc Track https://lists.gnu.org/archive/html/bug-wget/2024-06/msg00005.html
cvssv3.1 9.1 https://nvd.nist.gov/vuln/detail/CVE-2024-38428
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38428.json
https://api.first.org/data/v1/epss?cve=CVE-2024-38428
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38428
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://lists.debian.org/debian-lts-announce/2025/04/msg00029.html
https://security.netapp.com/advisory/ntap-20241115-0005/
1073523 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1073523
2292836 https://bugzilla.redhat.com/show_bug.cgi?id=2292836
cpe:2.3:a:gnu:wget:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:wget:*:*:*:*:*:*:*:*
CVE-2024-38428 https://nvd.nist.gov/vuln/detail/CVE-2024-38428
?id=ed0c7c7e0e8f7298352646b2fd6e06a11e242ace https://git.savannah.gnu.org/cgit/wget.git/commit/?id=ed0c7c7e0e8f7298352646b2fd6e06a11e242ace
msg00005.html https://lists.gnu.org/archive/html/bug-wget/2024-06/msg00005.html
RHSA-2024:4998 https://access.redhat.com/errata/RHSA-2024:4998
RHSA-2024:5299 https://access.redhat.com/errata/RHSA-2024:5299
RHSA-2024:6192 https://access.redhat.com/errata/RHSA-2024:6192
RHSA-2024:6208 https://access.redhat.com/errata/RHSA-2024:6208
RHSA-2024:6438 https://access.redhat.com/errata/RHSA-2024:6438
USN-6852-1 https://usn.ubuntu.com/6852-1/
USN-6852-2 https://usn.ubuntu.com/6852-2/
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38428.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://git.savannah.gnu.org/cgit/wget.git/commit/?id=ed0c7c7e0e8f7298352646b2fd6e06a11e242ace
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-19T19:48:27Z/ Found at https://git.savannah.gnu.org/cgit/wget.git/commit/?id=ed0c7c7e0e8f7298352646b2fd6e06a11e242ace
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://lists.gnu.org/archive/html/bug-wget/2024-06/msg00005.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-19T19:48:27Z/ Found at https://lists.gnu.org/archive/html/bug-wget/2024-06/msg00005.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2024-38428
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.35555
EPSS Score 0.00145
Published At Aug. 7, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:42:14.079759+00:00 Ubuntu USN Importer Import https://usn.ubuntu.com/6852-2/ 37.0.0