PT-2017-3165 · Gnu+5 · Wget+5
Published: 2015-12-13 · Updated: 2024-06-15
CVE-2017-13089
CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Wget versions prior to 1.19.2
Description
The issue arises from the http.c:skip_short_body() function, which is called under certain circumstances, such as processing redirects. In Wget, when a response is sent chunked, the chunk parser uses strtol() to read each chunk's length but fails to check that the length is non-negative. The code then attempts to skip the chunk in 512-byte pieces using the MIN() macro, and ends up passing a negative chunk length to connect.c:fd_read(). Since fd_read() takes an int argument, the high 32 bits of the chunk length are discarded, leaving fd_read() with a completely attacker-controlled length argument. The vulnerability can be exploited by a remote attacker using a specially prepared server to execute arbitrary code when Wget connects to it via HTTP.
Recommendations
For versions prior to 1.19.2, update to version 1.19.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of Wget for HTTP connections to trusted servers until the update can be applied.
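The length arithmetic from the description, as an added example (not Wget's source code and not the project's patch), comparing unchecked and checked handling of a chunk-size line. The function names, the use of strtoll() with long long to make the 64-bit width explicit, and the sample lines are assumptions of this example.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SKIP_SIZE 512                       /* skip-buffer size named in the description */
#define MIN(a, b) ((a) < (b) ? (a) : (b))

/* Unchecked pattern: returns the length an int-taking read call would receive.
   Only the arithmetic is reproduced; nothing is read into a buffer. */
static int unchecked_read_len(const char *chunk_line)
{
    long long remaining = strtoll(chunk_line, NULL, 16);   /* a leading '-' is accepted */
    long long want = MIN(remaining, (long long)SKIP_SIZE); /* negative input wins MIN() */
    return (int)(unsigned int)want;                        /* high 32 bits discarded */
}

/* Checked pattern: a size that is missing, out of range or negative is a
   protocol error (-1); otherwise the result is always within 0..SKIP_SIZE. */
static int checked_read_len(const char *chunk_line)
{
    char *end;
    errno = 0;
    long long remaining = strtoll(chunk_line, &end, 16);
    if (end == chunk_line || errno == ERANGE || remaining < 0)
        return -1;
    return (int)MIN(remaining, (long long)SKIP_SIZE);
}

int main(void)
{
    /* Constructed chunk-size lines, not captured traffic. */
    const char *samples[] = { "1f\r\n", "1000\r\n", "-FFFFFC00\r\n", "zz\r\n" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        char shown[16];
        snprintf(shown, sizeof shown, "%.*s", (int)strcspn(samples[i], "\r"), samples[i]);
        printf("%-10s unchecked=%d checked=%d (buffer=%d)\n", shown,
               unchecked_read_len(samples[i]), checked_read_len(samples[i]), SKIP_SIZE);
    }
    return 0;
}
```

For the negative sample, the unchecked path yields a positive length larger than the 512-byte buffer, while the checked path reports a protocol error before any narrowing to int takes place.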
Exploit
Fix
Stack Overflow
Buffer Overflow
Related Identifiers
Affected Products
Alt Linux
Centos
Red Hat
Suse
Ubuntu
Wget