CVE-2014-4877

EPSS 74.3%

wget - security update

Published: 10/29/2014Modified: 3/9/2026

Also known as:DEBIAN-CVE-2014-4877DLA-82-1

Description

Absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows remote FTP servers to write to arbitrary files, and consequently execute arbitrary code, via a LIST response that references the same filename within two entries, one of which indicates that the filename is for a symlink.

Affected packages (3)

Debian/wgetfrom 0, < 1.16-1
Debian/wgetfrom 0, < 1.12-2.1+deb6u1
Debian/wgetfrom 0, < 1.13.4-3+deb7u2

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2014-4877