Description
GNU Wget through 1.25.0, fixed in commit 43d3ba9, contains an integer overflow vulnerability in the parse_content_range() function within src/http.c that allows server-controlled values to cause signed integer arithmetic to overflow. Attackers can supply malicious Content-Range header values to trigger undefined behavior and download desynchronization in the affected client.
Published: 2026-07-07
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Ubuntu USN Ubuntu USN USN-8543-1 Wget vulnerabilities
History

Wed, 15 Jul 2026 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

threat_severity

Moderate


Tue, 14 Jul 2026 22:30:00 +0000

Type Values Removed Values Added
First Time appeared Gnu
Gnu wget
CPEs cpe:2.3:a:gnu:wget:*:*:*:*:*:*:*:*
Vendors & Products Gnu
Gnu wget

Fri, 10 Jul 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Wget
Wget wget
Vendors & Products Wget
Wget wget

Wed, 08 Jul 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 07 Jul 2026 20:30:00 +0000

Type Values Removed Values Added
Description GNU Wget through 1.25.0, fixed in commit 43d3ba9, contains an integer overflow vulnerability in the parse_content_range() function within src/http.c that allows server-controlled values to cause signed integer arithmetic to overflow. Attackers can supply malicious Content-Range header values to trigger undefined behavior and download desynchronization in the affected client.
Title GNU Wget 1.25.0 Integer Overflow via Content-Range Header Parsing
Weaknesses CWE-190
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-07-14T22:03:11.587Z

Reserved: 2026-06-30T20:20:33.790Z

Link: CVE-2026-58470

cve-icon Vulnrichment

Updated: 2026-07-08T13:07:29.296Z

cve-icon NVD

No data.

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-07-07T19:45:53Z

Links: CVE-2026-58470 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-07-15T08:30:04Z

Weaknesses