Bug 2497857 (CVE-2026-58472) - CVE-2026-58472 wget: GNU Wget: Arbitrary code execution or denial of service via crafted HTML attribute
Summary: CVE-2026-58472 wget: GNU Wget: Arbitrary code execution or denial of service ...
Keywords:
Status: NEW
Alias: CVE-2026-58472
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2499969 2499971 2499972
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-07-07 21:02 UTC by OSIDB Bzimport
Modified: 2026-07-14 13:55 UTC (History)
6 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)

Description OSIDB Bzimport 2026-07-07 21:02:45 UTC
GNU Wget through 1.25.0, fixed in commit dd692d9, contains a heap buffer overflow vulnerability in the html_quote_string() function in src/convert.c that allows a remote attacker to trigger memory corruption by supplying a crafted HTML attribute with a large number of characters requiring entity encoding. A server-supplied HTML attribute causes a signed integer counter to overflow during output size accumulation, resulting in an undersized heap allocation and subsequent heap buffer overflow during the copy phase.


Note You need to log in before you can comment on or make changes to this bug.