DEBIAN-CVE-2024-38428

DEBIAN-CVE-2024-38428 PUBLISHED CVSS 9.100000381469727 CRITICAL

url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent.

Risk Scores

CVSS 3.1

9.100000381469727

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products

Vendor	Product	Versions
Debian:14	wget	0, 0
Debian:11	wget	*, 1.21-1, 0
Debian:12	wget	1.21.3-1, 1.21.3-1, 0
Debian:13	wget	0, 0

Timeline

Jun 16, 2024 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2024-38428 advisory

Open in Interactive Console →