CVE-2017-13090

Name of the Vulnerable Software and Affected Versions Wget versions prior to 1.19.2

Description The issue is related to insufficient input validation in the fd read body() function, which can lead to a buffer overflow. This occurs when processing OK responses sent chunked, where the chunk parser uses strtol() to read each chunk's length without checking if it's a non-negative number. The code then attempts to read the chunk in pieces, passing the negative chunk length to fd read(), allowing an attacker to corrupt malloc metadata after the allocated buffer. This can potentially enable a remote attacker to execute arbitrary code.

Recommendations For versions prior to 1.19.2, update to version 1.19.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of chunked responses until a patch is available. Avoid using the fd read body() function in retr.c with untrusted input until the issue is resolved.