CVE-2026-58471
MEDIUM
5.9
CVSS 3.1
Description
GNU Wget through 1.25.0, fixed in commit c2640fe, contains a heap buffer overflow vulnerability in the convert_fname() function within src/url.c that allows remote attackers to trigger memory corruption through a server-supplied filename requiring character set conversion. When the output buffer is too small during iconv E2BIG reallocation, the reallocation logic miscalculates the remaining space, leading to a heap buffer overflow that can be exploited via a maliciously crafted server response.
Metadata
Severity & Metrics
5.9
MEDIUM CVSS 3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H
SSVC — CISA Coordinator
Affected products (1)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| gnuwget | wget | — | 0 ≤ 1.25.0, c2640fe5171c59f87c58dc9fcb195b2d18b010ee |
Weakness (CWE)
| CWE | Source | Description |
|---|---|---|
| CWE-122 | cna | Heap-based Buffer Overflow |
CVSS scores (2)
| Score | Severity | Version | Source | Vector |
|---|---|---|---|---|
| 6.0 | MEDIUM | 4.0 | cna | CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N |
| 5.9 | MEDIUM | 3.1 | cna | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H |
References (2)