Heap Buffer Overflow in GNU Wget Affects Multiple Versions
CVE-2026-58471
6MEDIUM
What is CVE-2026-58471?
GNU Wget versions up to 1.25.0 are susceptible to a heap buffer overflow in the convert_fname() function located in src/url.c. This vulnerability allows remote attackers to execute a memory corruption exploit by supplying a crafted filename that requires character set conversion. The flaw arises when the allocation process misjudges the buffer's remaining space during an iconv E2BIG reallocation. As a result, malicious server responses can lead to a potential compromise of the affected system.
Affected Version(s)
wget 0 <= 1.25.0
wget 0 <= 1.25.0
wget c2640fe5171c59f87c58dc9fcb195b2d18b010ee
