CVE-2016-7098

Published: 26 September 2016

Race condition in wget 1.17 and earlier, when used in recursive or mirroring mode to download a single file, might allow remote servers to bypass intended access list restrictions by keeping an HTTP connection open.

Priority

Low

CVSS 3 base score: 8.1

Status

Package Release Status
wget
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 16.04 ESM (Xenial Xerus)
Released (1.17.1-1ubuntu1.3)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (1.15-1ubuntu1.14.04.3)
Patches:
Upstream: http://git.savannah.gnu.org/cgit/wget.git/commit/?id=9ffb64ba6a8121909b01e984deddce8d096c498d
Upstream: http://git.savannah.gnu.org/cgit/wget.git/commit/?id=690c47e3b18c099843cdf557a0425d701fca4957
Upstream: http://git.savannah.gnu.org/cgit/wget.git/commit/?id=49af22ca94570da3fa43c98e92ec0830f786db0d