CVE-2017-13090

Name: CVE-2017-13090
Creator: NVD / NIST
Published: 2017-10-27T19:29:00.377+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 36.56%

Last modified Jun 17, 2026

CVE-2017-13090 is a vulnerability of currently unknown severity. The retr.c:fd_read_body() function is called when processing OK responses. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk's length, but doesn't check that the chunk length is a non-negative number. EPSS estimates a 36.56% chance of exploitation in the next 30 days.

Description

The retr.c:fd_read_body() function is called when processing OK responses. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then tries to read the chunk in pieces of 8192 bytes by using the MIN() macro, but ends up passing the negative chunk length to retr.c:fd_read(). As fd_read() takes an int argument, the high 32 bits of the chunk length are discarded, leaving fd_read() with a completely attacker controlled length argument. The attacker can corrupt malloc metadata after the allocated buffer.

Metrics

EPSS Probability

36.56%

98.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Gnu	Wget	<= 1.19.1
Debian	Debian Linux	8.0
Debian	Debian Linux	9.0

References

http://git.savannah.gnu.org/cgit/wget.git/commit/?id=ba6b44f6745b14dce414761a8e4b35d31b176bbaIssue Tracking, Patch, Third Party Advisory
http://www.debian.org/security/2017/dsa-4008Issue Tracking, Third Party Advisory
http://www.securityfocus.com/bid/101590Issue Tracking, Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1039661Issue Tracking, Third Party Advisory, VDB Entry
https://access.redhat.com/errata/RHSA-2017:3075
https://security.gentoo.org/glsa/201711-06Issue Tracking, Third Party Advisory
https://www.synology.com/support/security/Synology_SA_17_62_Wget
https://www.viestintavirasto.fi/en/cybersecurity/vulnerabilities/2017/haavoittuvuus-2017-037.htmlIssue Tracking, Patch, Third Party Advisory
http://git.savannah.gnu.org/cgit/wget.git/commit/?id=ba6b44f6745b14dce414761a8e4b35d31b176bbaIssue Tracking, Patch, Third Party Advisory
http://www.debian.org/security/2017/dsa-4008Issue Tracking, Third Party Advisory
http://www.securityfocus.com/bid/101590Issue Tracking, Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1039661Issue Tracking, Third Party Advisory, VDB Entry
https://access.redhat.com/errata/RHSA-2017:3075
https://security.gentoo.org/glsa/201711-06Issue Tracking, Third Party Advisory
https://www.synology.com/support/security/Synology_SA_17_62_Wget
https://www.viestintavirasto.fi/en/cybersecurity/vulnerabilities/2017/haavoittuvuus-2017-037.htmlIssue Tracking, Patch, Third Party Advisory

Timeline

Published: Oct 27, 2017
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2017-13090?

How severe is CVE-2017-13090?

Severity scoring for CVE-2017-13090 is pending analysis. The EPSS model estimates a 36.56% probability of exploitation in the next 30 days.

How do I fix CVE-2017-13090?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2017-13090?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST