Bug 2425770 (CVE-2025-69195) - CVE-2025-69195 wget2: GNU Wget2: Memory corruption and crash via filename sanitization logic with attacker-controlled URLs
Summary: CVE-2025-69195 wget2: GNU Wget2: Memory corruption and crash via filename san...
Keywords:
Status: NEW
Alias: CVE-2025-69195
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2425774 2425775 2425776 2425777 2425778
Blocks:
Reported: 2025-12-29 14:06 UTC by OSIDB Bzimport
Modified: 2025-12-29 14:36 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:



Description OSIDB Bzimport 2025-12-29 14:06:05 UTC
A stack-based buffer overflow exists in the filename sanitization logic of GNU Wget2. The flaw occurs when wget2 processes attacker-controlled URL paths while a filename restriction option such as --restrict-file-names=windows, --restrict-file-names=unix, or --restrict-file-names=ascii is enabled. During sanitization, the application writes beyond a fixed 1024-byte stack buffer because the length of the sanitized name is not checked against the buffer's size. A specially crafted URL path or HTTP redirect can trigger the memory corruption, resulting in a crash or potentially enabling further exploitation. The issue can be triggered remotely without authentication; the only user interaction required is invoking wget2 against the attacker-controlled URL.
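The advisory describes the general failure mode: a sanitizer that rewrites a URL path into a fixed 1024-byte stack buffer without checking how much it has written. Escaping restricted characters can make the output longer than the input, so the check has to account for the expanded length, not just the input length. The following C is an added illustration of a bounded sanitizer written for this page; it is not wget2's code, and the set of restricted characters, the percent-encoding scheme and the helper names are assumptions chosen for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Size of the fixed stack buffer the advisory mentions. */
#define OUT_BUF_SIZE 1024

/* Characters that are not portable in Windows file names, plus control
 * characters. This list is an assumption for the example, not wget2's. */
static int is_restricted_windows(unsigned char c)
{
    return c < 0x20 || c == 0x7f || strchr("\\/:*?\"<>|", c) != NULL;
}

/* Bounded sanitizer: restricted bytes become %XX, so each input byte may
 * need up to three output bytes. Returns the number of bytes written
 * (excluding the NUL), or -1 if the result would not fit in dst[dst_size].
 * On failure dst is left empty; it never writes past dst_size. */
int sanitize_filename(const char *src, char *dst, size_t dst_size)
{
    static const char hex[] = "0123456789ABCDEF";
    size_t out = 0;

    if (dst_size == 0)
        return -1;

    for (const unsigned char *p = (const unsigned char *)src; *p; p++) {
        if (is_restricted_windows(*p)) {
            /* Three bytes for %XX plus room for the terminating NUL. */
            if (out + 3 >= dst_size) {
                dst[0] = '\0';
                return -1;
            }
            dst[out++] = '%';
            dst[out++] = hex[*p >> 4];
            dst[out++] = hex[*p & 0x0f];
        } else {
            if (out + 1 >= dst_size) {
                dst[0] = '\0';
                return -1;
            }
            dst[out++] = (char)*p;
        }
    }
    dst[out] = '\0';
    return (int)out;
}

/* Sanitize into a 1024-byte stack buffer (the shape the advisory describes)
 * and report whether the result fit. The buffer is never overrun. */
int sanitize_into_fixed_buffer(const char *src)
{
    char buf[OUT_BUF_SIZE];
    return sanitize_filename(src, buf, sizeof buf);
}

/* Constructed sample: a short path with two restricted characters.
 * Returns the sanitized text from a static buffer. */
const char *demo_short_output(void)
{
    static char out[OUT_BUF_SIZE];
    sanitize_filename("index.html?q=a:b", out, sizeof out);
    return out;
}

int demo_short_length(void)
{
    char out[OUT_BUF_SIZE];
    return sanitize_filename("index.html?q=a:b", out, sizeof out);
}

/* Constructed sample: 400 ':' bytes. Only 400 bytes of input, but the
 * escaped form would be 1200 bytes, more than the 1024-byte buffer.
 * An input-length check alone would miss this; the bounded writer
 * rejects it instead of writing past the buffer. */
int demo_overlong_path(void)
{
    char long_path[401];
    memset(long_path, ':', 400);
    long_path[400] = '\0';
    return sanitize_into_fixed_buffer(long_path);
}

int main(void)
{
    printf("%d -> %s\n", demo_short_length(), demo_short_output());
    printf("overlong path result: %d\n", demo_overlong_path());
    return 0;
}
```

The design point is that the check happens at every write against the destination size, so the caller can keep a fixed stack buffer and handle the -1 (for example by failing the download or falling back to a generated name) rather than trusting that sanitized output is no longer than its input.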

