ALPINE-CVE-2017-6508 — Vulnetix

Try Vulnetix Request Demo

ALPINE-CVE-2017-6508 PUBLISHED CVSS 6.099999904632568 MEDIUM

CRLF injection vulnerability in the url_parse function in url.c in Wget through 1.19.1 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the host subcomponent of a URL.

Risk Scores

CVSS v3.0

6.099999904632568

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected Products

Vendor	Product	Versions
Alpine:v3.15	wget	1.11.4-r1, 1.12-r0, 1.12-r1
Alpine:v3.17	wget	0, 1.11.4-r0, 1.11.4-r1
Alpine:v3.12	wget	1.12-r3, 0, 1.11.4-r0
Alpine:v3.10	wget	1.19.1-r0, 1.19-r0, 1.18-r1
Alpine:v3.21	wget	0, 1.11.4-r0, 1.11.4-r1
Alpine:v3.8	wget	1.18-r1, 1.19.1-r0, 1.19-r0
Alpine:v3.18	wget	1.11.4-r0, 1.14-r0, 1.19.1-r0
Alpine:v3.13	wget	1.11.4-r1, 1.19.1-r0, 1.19-r0
Alpine:v3.3	wget	1.11.4-r0, 1.17.1-r1, 1.17.1-r0
Alpine:v3.2	wget	1.12-r2, 0, 1.11.4-r0
Alpine:v3.4	wget	1.11.4-r0, 1.18-r0, 1.17.1-r1
Alpine:v3.11	wget	1.14-r1, 1.17-r0, 1.12-r0
Alpine:v3.22	wget	0, 1.19.1-r0, 1.19-r0
Alpine:v3.7	wget	1.14-r0, 1.11.4-r1, 1.12-r2
Alpine:v3.23	wget	1.12-r2, 0, 1.11.4-r0
Alpine:v3.16	wget	1.13.1-r1, 1.16.3-r0, 1.15-r0
Alpine:v3.20	wget	1.13.4-r0, 1.13.3-r0, 1.13.1-r1
Alpine:v3.9	wget	1.12-r2, 1.19.1-r0, 1.19-r0
Alpine:v3.14	wget	1.16.2-r0, 1.16.3-r0, 1.16.3-r1
Alpine:v3.6	wget	1.19.1-r0, 1.17.1-r0, 1.17-r0

…and 1 more

Timeline

Mar 7, 2017 CVE Published
Dec 3, 2025 CVE Updated
Apr 30, 2026 Distribution Patch

References

https://security.alpinelinux.org/vuln/CVE-2017-6508 advisory

Open in Interactive Console →