Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
| Source | ID | Title |
|---|---|---|
Ubuntu USN |
USN-8543-1 | Wget vulnerabilities |
Tue, 14 Jul 2026 22:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Gnu
Gnu wget |
|
| CPEs | cpe:2.3:a:gnu:wget:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Gnu
Gnu wget |
Fri, 10 Jul 2026 10:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Wget
Wget wget |
|
| Vendors & Products |
Wget
Wget wget |
Wed, 08 Jul 2026 14:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Tue, 07 Jul 2026 20:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | GNU Wget through 1.25.0, fixed in commit 37a40fc, contains a heap buffer underread vulnerability in the clean_metalink_string() function within src/metalink.c that allows a malicious server to trigger memory corruption by serving a Metalink document containing a whitespace-only URL. Attackers can cause the function to decrement a pointer past the start of the buffer when processing an all-whitespace Metalink URL, potentially leading to abnormal program behavior. | |
| Title | GNU Wget 1.25.0 Heap Buffer Underread via Metalink URL Parsing | |
| Weaknesses | CWE-125 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2026-07-14T22:03:10.940Z
Reserved: 2026-06-30T20:20:33.790Z
Link: CVE-2026-58469
Updated: 2026-07-08T13:36:38.971Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-16T22:45:07Z
Ubuntu USN