Bug 2497860 (CVE-2026-58470) - CVE-2026-58470 wget: GNU Wget: Integer overflow in Content-Range header parsing causes download desynchronization
Summary: CVE-2026-58470 wget: GNU Wget: Integer overflow in Content-Range header parsi...
Keywords:
Status: NEW
Alias: CVE-2026-58470
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2499955 2499957 2499956
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-07-07 21:02 UTC by OSIDB Bzimport
Modified: 2026-07-14 12:01 UTC (History)
6 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)

Description OSIDB Bzimport 2026-07-07 21:02:54 UTC
GNU Wget through 1.25.0, fixed in commit 43d3ba9, contains an integer overflow vulnerability in the parse_content_range() function within src/http.c that allows server-controlled values to cause signed integer arithmetic to overflow. Attackers can supply malicious Content-Range header values to trigger undefined behavior and download desynchronization in the affected client.


Note You need to log in before you can comment on or make changes to this bug.