Integer Overflow Vulnerability in GNU Wget Affected by Malicious Headers
CVE-2026-58470
6.9MEDIUM
What is CVE-2026-58470?
GNU Wget, a widely used command-line utility for downloading files, is susceptible to an integer overflow vulnerability. This issue arises within the parse_content_range() function in the source file src/http.c, where incorrect handling of Content-Range headers can lead to signed integer arithmetic overflow. Attackers who manipulate these headers can instigate undefined behavior in the Wget client, which may allow them to exploit the application further. The vulnerability is patched in version 1.25.1, and users are advised to update to mitigate any risks associated with this flaw.
Affected Version(s)
wget 0 <= 1.25.0
wget 0 <= 1.25.0
wget 43d3ba9336bc94937e6fae2365c6ffd30c34ffcf
