Search for vulnerabilities
Vulnerability details: VCID-xzny-z3mh-aaan
Vulnerability ID VCID-xzny-z3mh-aaan
Aliases CVE-2024-38428
Summary url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent.
Status Published
Exploitability 0.5
Weighted Severity 8.2
Risk 4.1
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-115 Misinterpretation of Input
CWE-436 Interpretation Conflict
System Score Found at
cvssv3 5.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38428.json
epss 0.00082 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00082 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00082 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00082 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00082 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00082 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00082 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00082 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00082 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00082 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00082 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00082 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00184 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00197 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00197 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00213 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00213 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00213 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00213 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00213 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00213 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00213 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00213 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00213 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00216 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00216 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00225 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00225 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00225 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00225 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00225 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00251 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00251 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00251 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00251 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00251 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00251 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00251 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00251 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00265 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00265 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00265 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00265 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00265 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00265 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00265 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00265 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00265 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00265 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00265 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00265 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00265 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00265 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00265 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00265 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00265 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00265 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00265 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00265 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00265 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00265 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00265 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00265 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00265 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00265 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00265 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00265 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00265 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00265 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00265 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00265 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00265 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00265 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00265 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00265 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00265 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00265 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00265 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00265 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00265 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
epss 0.00627 https://api.first.org/data/v1/epss?cve=CVE-2024-38428
cvssv3.1 6.2 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3 9.1 https://nvd.nist.gov/vuln/detail/CVE-2024-38428
cvssv3.1 9.1 https://nvd.nist.gov/vuln/detail/CVE-2024-38428
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38428.json
https://api.first.org/data/v1/epss?cve=CVE-2024-38428
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38428
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://git.savannah.gnu.org/cgit/wget.git/commit/?id=ed0c7c7e0e8f7298352646b2fd6e06a11e242ace
https://lists.debian.org/debian-lts-announce/2025/04/msg00029.html
https://lists.gnu.org/archive/html/bug-wget/2024-06/msg00005.html
https://security.netapp.com/advisory/ntap-20241115-0005/
1073523 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1073523
2292836 https://bugzilla.redhat.com/show_bug.cgi?id=2292836
cpe:2.3:a:gnu:wget:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:wget:*:*:*:*:*:*:*:*
CVE-2024-38428 https://nvd.nist.gov/vuln/detail/CVE-2024-38428
RHSA-2024:4998 https://access.redhat.com/errata/RHSA-2024:4998
RHSA-2024:5299 https://access.redhat.com/errata/RHSA-2024:5299
RHSA-2024:6192 https://access.redhat.com/errata/RHSA-2024:6192
RHSA-2024:6208 https://access.redhat.com/errata/RHSA-2024:6208
RHSA-2024:6438 https://access.redhat.com/errata/RHSA-2024:6438
USN-6852-1 https://usn.ubuntu.com/6852-1/
USN-6852-2 https://usn.ubuntu.com/6852-2/
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38428.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2024-38428
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2024-38428
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.36032
EPSS Score 0.00082
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
2024-06-16T08:24:39.666020+00:00 NVD Importer Import https://nvd.nist.gov/vuln/detail/CVE-2024-38428 34.0.0rc4