Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
| Source | ID | Title |
|---|---|---|
Ubuntu USN |
USN-8543-1 | Wget vulnerabilities |
Tue, 14 Jul 2026 22:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Gnu
Gnu wget |
|
| CPEs | cpe:2.3:a:gnu:wget:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Gnu
Gnu wget |
Fri, 10 Jul 2026 10:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Wget
Wget wget |
|
| Vendors & Products |
Wget
Wget wget |
Fri, 10 Jul 2026 00:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| References |
| |
| Metrics |
threat_severity
|
threat_severity
|
Tue, 07 Jul 2026 21:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Tue, 07 Jul 2026 20:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | GNU Wget through 1.25.0, fixed in commit c2640fe, contains a heap buffer overflow vulnerability in the convert_fname() function within src/url.c that allows remote attackers to trigger memory corruption through a server-supplied filename requiring character set conversion. When the output buffer is too small during iconv E2BIG reallocation, the reallocation logic miscalculates the remaining space, leading to a heap buffer overflow that can be exploited via a maliciously crafted server response. | |
| Title | GNU Wget 1.25.0 Heap Buffer Overflow via convert_fname() in url.c | |
| Weaknesses | CWE-122 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2026-07-14T22:03:12.273Z
Reserved: 2026-06-30T20:20:33.790Z
Link: CVE-2026-58471
Updated: 2026-07-07T20:32:19.583Z
No data.
OpenCVE Enrichment
Updated: 2026-07-16T22:45:07Z
Ubuntu USN