CVE-2017-13090
- Source
- https://cve.org/CVERecord?id=CVE-2017-13090
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-13090.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2017-13090
- Downstream
- Related
- Published
- 2017-10-27T19:29:00.377Z
- Modified
- 2026-02-22T01:15:13.921908Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
The retr.c:fdreadbody() function is called when processing OK responses. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then tries to read the chunk in pieces of 8192 bytes by using the MIN() macro, but ends up passing the negative chunk length to retr.c:fdread(). As fdread() takes an int argument, the high 32 bits of the chunk length are discarded, leaving fd_read() with a completely attacker controlled length argument. The attacker can corrupt malloc metadata after the allocated buffer.
- References
-
- https://www.synology.com/support/security/Synology_SA_17_62_Wget
- http://git.savannah.gnu.org/cgit/wget.git/commit/?id=ba6b44f6745b14dce414761a8e4b35d31b176bba
- http://www.debian.org/security/2017/dsa-4008
- http://www.securityfocus.com/bid/101590
- http://www.securitytracker.com/id/1039661
- https://access.redhat.com/errata/RHSA-2017:3075
- https://security.gentoo.org/glsa/201711-06
- https://www.viestintavirasto.fi/en/cybersecurity/vulnerabilities/2017/haavoittuvuus-2017-037.html
- http://git.savannah.gnu.org/cgit/wget.git/commit/?id=ba6b44f6745b14dce414761a8e4b35d31b176bba
- http://www.debian.org/security/2017/dsa-4008
- http://www.securityfocus.com/bid/101590
- http://www.securitytracker.com/id/1039661
- https://security.gentoo.org/glsa/201711-06
- https://www.viestintavirasto.fi/en/cybersecurity/vulnerabilities/2017/haavoittuvuus-2017-037.html
- http://git.savannah.gnu.org/cgit/wget.git/commit/?id=ba6b44f6745b14dce414761a8e4b35d31b176bba
- https://www.viestintavirasto.fi/en/cybersecurity/vulnerabilities/2017/haavoittuvuus-2017-037.html
Affected packages
Git / github.com/gstreamer/gst-plugins-ugly
Affected ranges
- Type
- GIT
- Repo
- https://github.com/gstreamer/gst-plugins-ugly
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
Affected versions
1.*
1.0.0
1.0.1
1.0.2
1.1.1
1.1.2
1.1.3
1.1.4
1.1.90
1.10.0
1.11.0
1.11.1
1.11.2
1.11.90
1.11.91
1.12.0
1.13.1
1.13.90
1.13.91
1.14.0
1.15.1
1.15.2
1.15.90
1.16.0
1.17.1
1.17.2
1.17.90
1.18.0
1.19.1
1.2.0
1.3.1
1.3.2
1.3.3
1.3.90
1.3.91
1.4.0
1.5.1
1.5.2
1.5.90
1.5.91
1.6.0
1.7.1
1.7.2
1.7.90
1.7.91
1.8.0
1.9.1
1.9.2
1.9.90
Other
BEFORE_INDENT
BRANCH-ERROR-ROOT
BRANCH-EVENTS2-ROOT
BRANCH-GSTREAMER-0_8-ROOT
CAPS
CAPS-MERGE-3
CAPS-ROOT
CHANGELOG_START
GIT_CONVERSION
MOVE-TO-FDO
OSLOSUMMIT1-200303051
RELEASE-0_10_0
RELEASE-0_10_1
RELEASE-0_10_10
RELEASE-0_10_11
RELEASE-0_10_2
RELEASE-0_10_3
RELEASE-0_10_4
RELEASE-0_10_5
RELEASE-0_10_6
RELEASE-0_10_7
RELEASE-0_10_8
RELEASE-0_10_9
RELEASE-0_9_1
RELEASE-0_9_3
RELEASE-0_9_4
RELEASE-0_9_5
RELEASE-0_9_6
RELEASE-0_9_7
TYPEFIND-ROOT
start
RELEASE-0.*
RELEASE-0.10.12
RELEASE-0.10.13
RELEASE-0.10.14
RELEASE-0.10.15
RELEASE-0.10.16
RELEASE-0.10.17
RELEASE-0.10.18
RELEASE-0.11.1
RELEASE-0.11.2
RELEASE-0.11.90
RELEASE-0.11.91
RELEASE-0.11.92
RELEASE-0.11.93
RELEASE-0.11.94
RELEASE-0.11.99