ALPINE-CVE-2018-0494 — Vulnetix

ALPINE-CVE-2018-0494 PUBLISHED CVSS 6.5 MEDIUM

GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in the resp_new function in http.c via a \r\n sequence in a continuation line.

Risk Scores

CVSS v3.0

6.5

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Affected Products

Vendor	Product	Versions
Alpine:v3.23	wget	1.18-r1, 0, 1.11.4-r0
Alpine:v3.16	wget	1.19.2-r1, 1.11.4-r0, 1.11.4-r1
Alpine:v3.14	wget	1.13.1-r0, 1.13-r0, 1.12-r4
Alpine:v3.10	wget	1.19.4-r2, 1.12-r4, 0
Alpine:v3.20	wget	1.11.4-r0, 1.11.4-r1, 1.12-r0
Alpine:v3.15	wget	1.12-r3, 1.19.4-r2, 1.19.4-r1
Alpine:v3.9	wget	1.19.4-r0, 1.11.4-r0, 1.11.4-r1
Alpine:v3.8	wget	1.11.4-r1, 1.12-r2, 1.12-r3
Alpine:v3.4	wget	1.18-r2, 1.18-r1, 1.18-r0
Alpine:v3.22	wget	1.14-r1, 1.14-r0, 1.13.4-r0
Alpine:v3.5	wget	1.14-r1, 1.16-r0, 1.16.1-r0
Alpine:v3.6	wget	1.14-r0, 1.15-r0, 1.16.1-r0
Alpine:v3.18	wget	1.13.3-r0, 1.11.4-r0, 1.11.4-r1
Alpine:v3.11	wget	1.11.4-r1, 1.19.2-r0, 1.19.2-r1
Alpine:v3.12	wget	1.11.4-r0, 1.19.4-r2, 1.19.4-r1
Alpine:v3.7	wget	1.19.2-r1, 0, 1.11.4-r0
Alpine:v3.21	wget	1.16.1-r0, 1.16.3-r1, 1.16.3-r0
Alpine:v3.19	wget	1.15-r0, 1.19.4-r2, 1.19.4-r1
Alpine:v3.13	wget	1.16.3-r0, 1.14-r1, 1.15-r0
Alpine:v3.17	wget	1.14-r1, 0, 1.11.4-r0

Timeline

May 6, 2018 CVE Published
Dec 3, 2025 CVE Updated
Apr 30, 2026 Distribution Patch

References

https://security.alpinelinux.org/vuln/CVE-2018-0494 advisory

Open in Interactive Console →

$ Console Community · 100/wk Open console ›