CVE-2019-5953 - Out-of-bounds Write vulnerability in GNU Wget
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH
Summary
Buffer overflow in GNU Wget 1.20.1 and earlier allows remote attackers to cause a denial-of-service (DoS) or possibly execute arbitrary code via unspecified vectors.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family: Debian Local Security Checks
NASL id: DEBIAN_DLA-1760.NASL
description: Kusano Kazuhiko discovered a buffer overflow vulnerability in the handling of Internationalized Resource Identifiers (IRI) in wget, a network utility to retrieve files from the web, which could result in the execution of arbitrary code or denial of service when recursively downloading from an untrusted server. For Debian 8
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 124218
published: 2019-04-23
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/124218
title: Debian DLA-1760-1 : wget security update

NASL family: SuSE Local Security Checks
NASL id: SUSE_SU-2019-0925-1.NASL
description: This update for wget fixes the following issues : Security issue fixed : CVE-2019-5953: Fixed a buffer overflow vulnerability which might cause code execution (bsc#1131493). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 123994
published: 2019-04-11
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/123994
title: SUSE SLED15 / SLES15 Security Update : wget (SUSE-SU-2019:0925-1)

NASL family: Amazon Linux Local Security Checks
NASL id: ALA_ALAS-2019-1194.NASL
description: A buffer overflow vulnerability was found in GNU Wget. An attacker may be able to cause a denial-of-service (DoS) or may execute an arbitrary code. (CVE-2019-5953)
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 124200
published: 2019-04-22
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/124200
title: Amazon Linux AMI : wget (ALAS-2019-1194)

NASL family: NewStart CGSL Local Security Checks
NASL id: NEWSTART_CGSL_NS-SA-2019-0079_WGET.NASL
description: The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has wget packages installed that are affected by a vulnerability: - Buffer overflow in GNU Wget 1.20.1 and earlier allows remote attackers to cause a denial-of-service (DoS) or may execute an arbitrary code via unspecified vectors. (CVE-2019-5953) Note that Nessus has not tested for this issue but has instead relied only on the application
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 127290
published: 2019-08-12
reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/127290
title: NewStart CGSL CORE 5.04 / MAIN 5.04 : wget Vulnerability (NS-SA-2019-0079)

NASL family: PhotonOS Local Security Checks
NASL id: PHOTONOS_PHSA-2019-1_0-0237_WGET.NASL
description: An update of the wget package has been released.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 126204
published: 2019-06-25
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/126204
title: Photon OS 1.0: Wget PHSA-2019-1.0-0237

NASL family: Oracle Linux Local Security Checks
NASL id: ORACLELINUX_ELSA-2019-0983.NASL
description: From Red Hat Security Advisory 2019:0983 : An update for wget is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols. Security Fix(es) : * wget: do_conversion() heap-based buffer overflow vulnerability (CVE-2019-5953) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 127572
published: 2019-08-12
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/127572
title: Oracle Linux 8 : wget (ELSA-2019-0983)

NASL family: Scientific Linux Local Security Checks
NASL id: SL_20190514_WGET_ON_SL7_X.NASL
description: Security Fix(es) : - wget: do_conversion() heap-based buffer overflow vulnerability (CVE-2019-5953)
last seen: 2020-03-18
modified: 2019-05-15
plugin id: 125129
published: 2019-05-15
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/125129
title: Scientific Linux Security Update : wget on SL7.x x86_64 (20190514)

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2019-2979.NASL
description: An update for wget is now available for Red Hat Enterprise Linux 7.5 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols. Security Fix(es) : * wget: do_conversion() heap-based buffer overflow vulnerability (CVE-2019-5953) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 129741
published: 2019-10-09
reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/129741
title: RHEL 7 : wget (RHSA-2019:2979)

NASL family: SuSE Local Security Checks
NASL id: OPENSUSE-2019-1281.NASL
description: This update for wget fixes the following issues : Security issue fixed : - CVE-2019-5953: Fixed a buffer overflow vulnerability which might cause code execution (bsc#1131493). This update was imported from the SUSE:SLE-12:Update update project.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 124355
published: 2019-04-29
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/124355
title: openSUSE Security Update : wget (openSUSE-2019-1281)

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2019-1228.NASL
description: An update for wget is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols. Security Fix(es) : * wget: do_conversion() heap-based buffer overflow vulnerability (CVE-2019-5953) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 125054
published: 2019-05-14
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/125054
title: RHEL 7 : wget (RHSA-2019:1228)

NASL family: Slackware Local Security Checks
NASL id: SLACKWARE_SSA_2019-095-02.NASL
description: New wget packages are available for Slackware 14.2 and -current to fix a security issue.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 123811
published: 2019-04-08
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/123811
title: Slackware 14.2 / current : wget (SSA:2019-095-02)

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2019-0983.NASL
description: An update for wget is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols. Security Fix(es) : * wget: do_conversion() heap-based buffer overflow vulnerability (CVE-2019-5953) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 124669
published: 2019-05-07
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/124669
title: RHEL 8 : wget (RHSA-2019:0983)

NASL family: NewStart CGSL Local Security Checks
NASL id: NEWSTART_CGSL_NS-SA-2019-0082_WGET.NASL
description: The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has wget packages installed that are affected by a vulnerability: - Buffer overflow in GNU Wget 1.20.1 and earlier allows remote attackers to cause a denial-of-service (DoS) or may execute an arbitrary code via unspecified vectors. (CVE-2019-5953) Note that Nessus has not tested for this issue but has instead relied only on the application
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 127295
published: 2019-08-12
reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/127295
title: NewStart CGSL CORE 5.05 / MAIN 5.05 : wget Vulnerability (NS-SA-2019-0082)

NASL family: Amazon Linux Local Security Checks
NASL id: AL2_ALAS-2019-1227.NASL
description: Buffer overflow in GNU Wget allows remote attackers to cause a denial-of-service (DoS) or may execute an arbitrary code via unspecified vectors. (CVE-2019-5953)
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 125899
published: 2019-06-14
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/125899
title: Amazon Linux 2 : wget (ALAS-2019-1227)

NASL family: SuSE Local Security Checks
NASL id: OPENSUSE-2019-1236.NASL
description: This update for wget fixes the following issues : Security issue fixed : - CVE-2019-5953: Fixed a buffer overflow vulnerability which might cause code execution (bsc#1131493). This update was imported from the SUSE:SLE-15:Update update project.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 124187
published: 2019-04-19
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/124187
title: openSUSE Security Update : wget (openSUSE-2019-1236)

NASL family: Oracle Linux Local Security Checks
NASL id: ORACLELINUX_ELSA-2019-1228.NASL
description: From Red Hat Security Advisory 2019:1228 : An update for wget is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols. Security Fix(es) : * wget: do_conversion() heap-based buffer overflow vulnerability (CVE-2019-5953) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 125190
published: 2019-05-16
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/125190
title: Oracle Linux 7 : wget (ELSA-2019-1228)

NASL family: Debian Local Security Checks
NASL id: DEBIAN_DSA-4425.NASL
description: Kusano Kazuhiko discovered a buffer overflow vulnerability in the handling of Internationalized Resource Identifiers (IRI) in wget, a network utility to retrieve files from the web, which could result in the execution of arbitrary code or denial of service when recursively downloading from an untrusted server.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 123799
published: 2019-04-08
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/123799
title: Debian DSA-4425-1 : wget - security update

NASL family: Huawei Local Security Checks
NASL id: EULEROS_SA-2019-1736.NASL
description: According to the version of the wget package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Buffer overflow in GNU Wget 1.20.1 and earlier allows remote attackers to cause a denial-of-service (DoS) or may execute an arbitrary code via unspecified vectors.(CVE-2019-5953) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-05-06
modified: 2019-07-22
plugin id: 126863
published: 2019-07-22
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/126863
title: EulerOS 2.0 SP2 : wget (EulerOS-SA-2019-1736)

NASL family: Huawei Local Security Checks
NASL id: EULEROS_SA-2019-1707.NASL
description: According to the version of the wget package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - Buffer overflow in GNU Wget 1.20.1 and earlier allows remote attackers to cause a denial-of-service (DoS) or may execute an arbitrary code via unspecified vectors.(CVE-2019-5953) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 126549
published: 2019-07-09
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/126549
title: EulerOS Virtualization for ARM 64 3.0.2.0 : wget (EulerOS-SA-2019-1707)

NASL family: Gentoo Local Security Checks
NASL id: GENTOO_GLSA-201908-19.NASL
description: The remote host is affected by the vulnerability described in GLSA-201908-19 (GNU Wget: Arbitrary code execution) A buffer overflow was discovered in GNU’s Wget. Impact : An attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 127968
published: 2019-08-20
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/127968
title: GLSA-201908-19 : GNU Wget: Arbitrary code execution

NASL family: CentOS Local Security Checks
NASL id: CENTOS_RHSA-2019-1228.NASL
description: An update for wget is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols. Security Fix(es) : * wget: do_conversion() heap-based buffer overflow vulnerability (CVE-2019-5953) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 125315
published: 2019-05-22
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/125315
title: CentOS 7 : wget (CESA-2019:1228)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2019-7A0497CBC2.NASL
description: - update to 1.20.3 - fixed CVE-2019-5953 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 123804
published: 2019-04-08
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/123804
title: Fedora 29 : wget (2019-7a0497cbc2)

NASL family: Huawei Local Security Checks
NASL id: EULEROS_SA-2019-1691.NASL
description: According to the version of the wget package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Buffer overflow in GNU Wget 1.20.1 and earlier allows remote attackers to cause a denial-of-service (DoS) or may execute an arbitrary code via unspecified vectors.(CVE-2019-5953) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-05-06
modified: 2019-07-02
plugin id: 126432
published: 2019-07-02
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/126432
title: EulerOS 2.0 SP5 : wget (EulerOS-SA-2019-1691)

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2019-3168.NASL
description: An update for wget is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols. Security Fix(es) : * wget: do_conversion() heap-based buffer overflow vulnerability (CVE-2019-5953) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 130154
published: 2019-10-23
reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/130154
title: RHEL 7 : wget (RHSA-2019:3168)

NASL family: Ubuntu Local Security Checks
NASL id: UBUNTU_USN-3943-1.NASL
description: It was discovered that Wget incorrectly handled certain inputs. An attacker could possibly use this issue to access sensitive information. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-20483) Kusano Kazuhiko discovered that Wget incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-5953). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 123973
published: 2019-04-10
reporter: Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/123973
title: Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : wget vulnerabilities (USN-3943-1)

NASL family: Huawei Local Security Checks
NASL id: EULEROS_SA-2019-1765.NASL
description: According to the version of the wget package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Buffer overflow in GNU Wget 1.20.1 and earlier allows remote attackers to cause a denial-of-service (DoS) or may execute an arbitrary code via unspecified vectors.(CVE-2019-5953) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-05-03
modified: 2019-07-25
plugin id: 127002
published: 2019-07-25
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/127002
title: EulerOS 2.0 SP8 : wget (EulerOS-SA-2019-1765)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2019-66142859A3.NASL
description: - update to 1.20.3 - fixed CVE-2019-5953 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 124498
published: 2019-05-02
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/124498
title: Fedora 30 : wget (2019-66142859a3)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2019-9F891CD83A.NASL
description: - update to 1.20.3 - fixed CVE-2019-5953 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 123840
published: 2019-04-09
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/123840
title: Fedora 28 : wget (2019-9f891cd83a)

NASL family: SuSE Local Security Checks
NASL id: SUSE_SU-2019-0956-1.NASL
description: This update for wget fixes the following issues : Security issue fixed : CVE-2019-5953: Fixed a buffer overflow vulnerability which might cause code execution (bsc#1131493). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 124111
published: 2019-04-17
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/124111
title: SUSE SLED12 / SLES12 Security Update : wget (SUSE-SU-2019:0956-1)

NASL family: Huawei Local Security Checks
NASL id: EULEROS_SA-2019-2023.NASL
description: According to the version of the wget package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Buffer overflow in GNU Wget 1.20.1 and earlier allows remote attackers to cause a denial-of-service (DoS) or may execute an arbitrary code via unspecified vectors.(CVE-2019-5953) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-05-08
modified: 2019-09-24
plugin id: 129216
published: 2019-09-24
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/129216
title: EulerOS 2.0 SP3 : wget (EulerOS-SA-2019-2023)