Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
| Source | ID | Title |
|---|---|---|
Ubuntu USN |
USN-8543-1 | Wget vulnerabilities |
Wed, 15 Jul 2026 00:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-131 | |
| References |
| |
| Metrics |
threat_severity
|
threat_severity
|
Tue, 14 Jul 2026 22:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Gnu
Gnu wget |
|
| CPEs | cpe:2.3:a:gnu:wget:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Gnu
Gnu wget |
Fri, 10 Jul 2026 10:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Wget
Wget wget |
|
| Vendors & Products |
Wget
Wget wget |
Wed, 08 Jul 2026 14:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Tue, 07 Jul 2026 20:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | GNU Wget through 1.25.0, fixed in commit dd692d9, contains a heap buffer overflow vulnerability in the html_quote_string() function in src/convert.c that allows a remote attacker to trigger memory corruption by supplying a crafted HTML attribute with a large number of characters requiring entity encoding. A server-supplied HTML attribute causes a signed integer counter to overflow during output size accumulation, resulting in an undersized heap allocation and subsequent heap buffer overflow during the copy phase. | |
| Title | GNU Wget 1.25.0 Heap Buffer Overflow via HTML Attribute Encoding | |
| Weaknesses | CWE-190 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2026-07-14T22:03:12.957Z
Reserved: 2026-06-30T20:20:33.790Z
Link: CVE-2026-58472
Updated: 2026-07-08T13:45:55.717Z
No data.
OpenCVE Enrichment
Updated: 2026-07-16T10:30:17Z
Ubuntu USN