Gentoo Linux Security Advisory 201711-6 - Multiple vulnerabilities have been found in Wget, the worst of which could allow remote attackers to execute arbitrary code. Versions less than 1.19.1-r2 are affected.
d92658ea0b4df40a52fa29ec939ced19e0d63a12682ea5cc628b53a17796df96
Slackware Security Advisory - New wget packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues.
104257f1a354ea147a6bbac1bd35bfbbf953ec821808ca34d4db4ab29f4f469e
Red Hat Security Advisory 2017-3075-01 - The wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols. Security Fix: A stack-based and a heap-based buffer overflow flaws were found in wget when processing chunked encoded HTTP responses. By tricking an unsuspecting user into connecting to a malicious HTTP server, an attacker could exploit these flaws to potentially execute arbitrary code.
902f3f20b7a3e90d479fc1b3fd04bacf4050c8b64fac72cde48820817e759dfc
Ubuntu Security Notice 3464-1 - Antti Levomaki, Christian Jalio, and Joonas Pihlaja discovered that Wget incorrectly handled certain HTTP responses. A remote attacker could use this issue to cause Wget to crash, resulting in a denial of service, or possibly execute arbitrary code. Dawid Golunski discovered that Wget incorrectly handled recursive or mirroring mode. A remote attacker could possibly use this issue to bypass intended access list restrictions. Various other issues were also addressed.
25ac05cd4bd4147a63b1bd247d8cfad5fce3534a6793e49418e3508809cb3eff