CVE-2026-58470

Public on 2026-07-07
Modified on 2026-07-10
Description
GNU Wget through 1.25.0, fixed in commit 43d3ba9, contains an integer overflow vulnerability in the parse_content_range() function within src/http.c that allows server-controlled values to cause signed integer arithmetic to overflow. Attackers can supply malicious Content-Range header values to trigger undefined behavior and download desynchronization in the affected client.
Severity
Medium severity
Medium
See what this means
CVSS v3 Base Score
5.3
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 2 - Core wget Pending Fix
Amazon Linux 2023 wget Pending Fix

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L