CVE-2024-38428

Updated: 2024-10-28 22:47:46.150257

Description:

url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x 0
CVSS Version 3.x CRITICAL 9.1

Status

OS name Project name Version Score Severity Status Errata Last updated
AlmaLinux 9.2 ESU wget 1.21.1 9.1 CRITICAL Released CLSA-2024:1725898066 2024-09-09 12:21:08
CentOS 6 ELS wget 1.12 9.1 CRITICAL Ignored 2024-07-02 11:10:24
CentOS 7 ELS wget 1.14 9.1 CRITICAL Released CLSA-2024:1723796201 2024-08-30 14:30:24
CentOS 8.4 ELS wget 1.19.5 9.1 CRITICAL Released CLSA-2024:1723826300 2024-08-16 14:31:19
CentOS 8.5 ELS wget 1.19.5 9.1 CRITICAL Released CLSA-2024:1723795173 2024-08-16 05:32:43
CentOS Stream 8 ELS wget 1.19.5 9.1 CRITICAL Released CLSA-2024:1723794812 2024-08-16 05:32:40
CloudLinux 6 ELS wget 1.12 9.1 CRITICAL Ignored 2024-07-17 17:25:47
CloudLinux 7 ELS wget 1.14 9.1 CRITICAL Released CLSA-2024:1724061730 2024-08-30 14:26:32
Oracle Linux 6 ELS wget 1.12 9.1 CRITICAL Ignored 2024-07-17 17:25:47
Ubuntu 16.04 ELS wget 1.17.1-1 9.1 CRITICAL Released CLSA-2024:1723223824 2024-08-09 14:31:51
Total: 11