A heap-based buffer overflow was found in the way wget processes chunked-encoded HTTP responses. By tricking an unsuspecting user into connecting to a malicious HTTP server, an attacker could exploit this flaw to potentially execute arbitrary code.
Find out more about CVE-2017-13090 from the MITRE CVE dictionary and NIST NVD.
Statement
This issue affects the versions of wget as shipped with Red Hat Enterprise Linux 7. This issue did not affect the versions of wget as shipped with Red Hat Enterprise Linux 5 and 6.
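The advisory does not describe the root cause, so the following is an added illustration, not wget's code and not taken from the fix: a chunked-body decoder showing the checks that keep a server-supplied chunk size from driving a write past a heap buffer. The names `MAX_CHUNK`, `parse_chunk_size` and `decode_chunked` are hypothetical, and the sample body is constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_CHUNK ((size_t)1 << 30)   /* hypothetical policy cap on one chunk */

/* Parse the hex size line at *pp and step past its CRLF; 0 on success, -1 on bad input. */
static int parse_chunk_size(const char **pp, const char *end, size_t *out)
{
    const char *p = *pp;
    size_t n = 0;
    if (p == end || !isxdigit((unsigned char)*p)) return -1;  /* "-1", "+5", " 5", "" */
    for (; p < end && isxdigit((unsigned char)*p); p++) {
        size_t d = (size_t)(isdigit((unsigned char)*p) ? *p - '0' : (*p | 0x20) - 'a' + 10);
        if (n > (MAX_CHUNK - d) / 16) return -1;   /* checked before multiplying */
        n = n * 16 + d;
    }
    if (p < end && *p == ';')                      /* skip chunk extensions */
        while (p < end && *p != '\r') p++;
    if (end - p < 2 || p[0] != '\r' || p[1] != '\n') return -1;
    *pp = p + 2;
    *out = n;                                      /* unsigned: can never be negative */
    return 0;
}

/* Decode an in-memory chunked body into out[0..cap). Returns bytes written or -1. */
long decode_chunked(const char *in, size_t in_len, char *out, size_t cap)
{
    const char *p = in, *end = in + in_len;
    size_t used = 0, n;
    for (;;) {
        if (parse_chunk_size(&p, end, &n) != 0) return -1;
        if (n == 0) return (long)used;             /* last chunk; trailers ignored */
        if (n > cap - used) return -1;             /* destination bound */
        if ((size_t)(end - p) < n + 2) return -1;  /* source bound: data + CRLF */
        if (p[n] != '\r' || p[n + 1] != '\n') return -1;
        memcpy(out + used, p, n);
        used += n;
        p += n + 2;
    }
}

int main(void)
{
    char out[16];
    const char body[] = "4\r\nWiki\r\n5\r\npedia\r\n0\r\n\r\n";   /* constructed sample */
    long n = decode_chunked(body, sizeof body - 1, out, sizeof out);
    printf("%ld %.*s\n", n, (int)(n > 0 ? n : 0), out);
}
```

The size is held in an unsigned type and compared against both the remaining input and the remaining output space before any copy, so a signed, oversized or truncated chunk header is rejected instead of reaching `memcpy`.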