{"containers": {"cna": {"affected": [{"product": "GNU Wget", "vendor": "The GNU Projec", "versions": [{"status": "affected", "version": "1.20.1 and earlier"}]}], "descriptions": [{"lang": "en", "value": "Buffer overflow in GNU Wget 1.20.1 and earlier allows remote attackers to cause a denial-of-service (DoS) or may execute an arbitrary code via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "Buffer Overflow", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-10-24T22:06:32", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.gnu.org/software/wget/"}, {"tags": ["x_refsource_MISC"], "url": "http://jvn.jp/en/jp/JVN25261088/index.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.f5.com/csp/article/K14560101"}, {"name": "GLSA-201908-19", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201908-19"}, {"name": "RHSA-2019:2979", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:2979"}, {"name": "RHSA-2019:3168", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:3168"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2019-5953", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "GNU Wget", "version": {"version_data": [{"version_value": "1.20.1 and earlier"}]}}]}, "vendor_name": "The GNU Projec"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Buffer overflow in GNU Wget 1.20.1 and earlier allows remote attackers to cause a denial-of-service (DoS) or may execute an arbitrary code via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Buffer Overflow"}]}]}, "references": {"reference_data": [{"name": "https://www.gnu.org/software/wget/", "refsource": "MISC", "url": "https://www.gnu.org/software/wget/"}, {"name": "http://jvn.jp/en/jp/JVN25261088/index.html", "refsource": "MISC", "url": "http://jvn.jp/en/jp/JVN25261088/index.html"}, {"name": "https://support.f5.com/csp/article/K14560101", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K14560101"}, {"name": "GLSA-201908-19", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201908-19"}, {"name": "RHSA-2019:2979", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2979"}, {"name": "RHSA-2019:3168", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3168"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T20:09:23.991Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.gnu.org/software/wget/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://jvn.jp/en/jp/JVN25261088/index.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.f5.com/csp/article/K14560101"}, {"name": "GLSA-201908-19", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201908-19"}, {"name": "RHSA-2019:2979", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:2979"}, {"name": "RHSA-2019:3168", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:3168"}]}]}, "cveMetadata": {"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2019-5953", "datePublished": "2019-05-17T15:25:56", "dateReserved": "2019-01-10T00:00:00", "dateUpdated": "2024-08-04T20:09:23.991Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnu:wget:*:*:*:*:*:*:*:*", "matchCriteriaId": "0D88F965-A3B5-4E9C-8E89-5AD1E64E53F7", "versionEndIncluding": "1.20.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Buffer overflow in GNU Wget 1.20.1 and earlier allows remote attackers to cause a denial-of-service (DoS) or may execute an arbitrary code via unspecified vectors."}, {"lang": "es", "value": "El desbordamiento de b\u00fafer en GNU Wget 1.20.1 y versiones anteriores permite a los atacantes remotos causar una denegaci\u00f3n de servicio (DoS) o pueden ejecutar un c\u00f3digo arbitrario a trav\u00e9s de vectores no especificados."}], "id": "CVE-2019-5953", "lastModified": "2024-11-21T04:45:47.903", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-05-17T16:29:05.360", "references": [{"source": "vultures@jpcert.or.jp", "tags": ["Third Party Advisory"], "url": "http://jvn.jp/en/jp/JVN25261088/index.html"}, {"source": "vultures@jpcert.or.jp", "url": "https://access.redhat.com/errata/RHSA-2019:2979"}, {"source": "vultures@jpcert.or.jp", "url": "https://access.redhat.com/errata/RHSA-2019:3168"}, {"source": "vultures@jpcert.or.jp", "url": "https://security.gentoo.org/glsa/201908-19"}, {"source": "vultures@jpcert.or.jp", "url": "https://support.f5.com/csp/article/K14560101"}, {"source": "vultures@jpcert.or.jp", "tags": ["Product"], "url": "https://www.gnu.org/software/wget/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://jvn.jp/en/jp/JVN25261088/index.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2019:2979"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2019:3168"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201908-19"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.f5.com/csp/article/K14560101"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://www.gnu.org/software/wget/"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2019:1228", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "wget-0:1.14-18.el7_6.1", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:3168", "cpe": "cpe:/o:redhat:rhel_aus:7.4", "package": "wget-0:1.14-15.el7_4.2", "product_name": "Red Hat Enterprise Linux 7.4 Advanced Update Support", "release_date": "2019-10-23T00:00:00Z"}, {"advisory": "RHSA-2019:3168", "cpe": "cpe:/o:redhat:rhel_tus:7.4", "package": "wget-0:1.14-15.el7_4.2", "product_name": "Red Hat Enterprise Linux 7.4 Telco Extended Update Support", "release_date": "2019-10-23T00:00:00Z"}, {"advisory": "RHSA-2019:3168", "cpe": "cpe:/o:redhat:rhel_e4s:7.4", "package": "wget-0:1.14-15.el7_4.2", "product_name": "Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions", "release_date": "2019-10-23T00:00:00Z"}, {"advisory": "RHSA-2019:2979", "cpe": "cpe:/o:redhat:rhel_eus:7.5", "package": "wget-0:1.14-16.el7_5.1", "product_name": "Red Hat Enterprise Linux 7.5 Extended Update Support", "release_date": "2019-10-08T00:00:00Z"}, {"advisory": "RHSA-2019:0983", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "wget-0:1.19.5-7.el8_0.1", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-05-07T00:00:00Z"}], "bugzilla": {"description": "wget: do_conversion() heap-based buffer overflow vulnerability", "id": "1695679", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695679"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.8", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-119", "details": ["Buffer overflow in GNU Wget 1.20.1 and earlier allows remote attackers to cause a denial-of-service (DoS) or may execute an arbitrary code via unspecified vectors.", "A buffer overflow flaw was found in the GNU Wget in version 1.20.1 and earlier when processing Internationalized Resource Identifiers. This flaw allows an attacker to execute arbitrary code or cause a denial of service."], "name": "CVE-2019-5953", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "wget", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "wget", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2019-04-03T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-5953\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-5953"], "statement": "This issue did not affect the versions of wget as shipped with Red Hat Enterprise Linux 5 and 6.\nThis issue affects the versions of wget as shipped with Red Hat Enterprise Linux 7.", "threat_severity": "Important"}

{}