CVE-2019-5953

NameCVE-2019-5953
DescriptionBuffer overflow in GNU Wget 1.20.1 and earlier allows remote attackers to cause a denial-of-service (DoS) or may execute an arbitrary code via unspecified vectors.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-1760-1, DSA-4425-1
Debian Bugs926389

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
wget (PTS)bullseye1.21-1+deb11u1fixed
bookworm1.21.3-1fixed
sid, trixie1.24.5-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
wgetsourcejessie1.16-1+deb8u6DLA-1760-1
wgetsourcestretch1.18-5+deb9u3DSA-4425-1
wgetsource(unstable)1.20.1-1.1926389

Notes

https://jvn.jp/en/jp/JVN25261088/
https://lists.gnu.org/archive/html/bug-wget/2019-04/msg00001.html
https://lists.gnu.org/archive/html/bug-wget/2019-04/msg00012.html
https://git.savannah.gnu.org/cgit/wget.git/commit/?id=692d5c5215de0db482c252492a92fc424cc6a97c
https://git.savannah.gnu.org/cgit/wget.git/commit/?id=562eacb76a2b64d5dc80a443f0f739bc9ef76c17 (removed unneeded debug lines in fixing commit)
Fixed in 1.20.3
Search for package or bug name: Reporting problems