VDB

ALPINE-CVE-2017-6508

ALPINE-CVE-2017-6508 PUBLISHED CVSS 6.099999904632568 MEDIUM

CRLF injection vulnerability in the url_parse function in url.c in Wget through 1.19.1 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the host subcomponent of a URL.

Risk Scores

CVSS 3.0
6.099999904632568
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected Products

VendorProductVersions
Alpine:v3.15wget0, 1.11.4-r1, 1.12-r0
Alpine:v3.17wget1.17.1-r0, 0, 1.19.1-r0
Alpine:v3.12wget1.11.4-r0, 0, 1.19.1-r0
Alpine:v3.10wget1.17.1-r0, 0, 1.11.4-r0
Alpine:v3.21wget1.13.1-r1, 0, 1.12-r4
Alpine:v3.8wget1.13.1-r0, 0, 1.15-r0
Alpine:v3.18wget1.16.2-r0, 1.17-r0, 1.16.3-r0
Alpine:v3.13wget1.15-r0, 1.11.4-r0, 1.11.4-r1
Alpine:v3.3wget1.13.1-r1, 1.17.1-r0, 1.17-r0
Alpine:v3.2wget1.11.4-r0, 0, 1.18-r0
Alpine:v3.4wget1.16.2-r0, 1.18-r0, 1.17-r0
Alpine:v3.11wget0, 0, 1.16.3-r1
Alpine:v3.22wget1.14-r1, 0, 1.11.4-r1
Alpine:v3.7wget0, 1.12-r2, 1.11.4-r1
Alpine:v3.23wget0, 0, 1.19.1-r0
Alpine:v3.16wget0, 0, 1.11.4-r0
Alpine:v3.20wget1.19-r0, 1.18-r1, 1.18-r0
Alpine:v3.9wget0, 1.11.4-r0, 1.11.4-r1
Alpine:v3.14wget1.11.4-r0, 0, 0
Alpine:v3.24wget0

…and 2 more

Timeline

  • Mar 7, 2017 CVE Published
  • Apr 30, 2026 Distribution Patch
  • Jun 15, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›