Stats Digest Feeds
โ† Back to all CVEs

CVE-2026-58470

MEDIUM NVD
CVSS Score 5.3
Severity MEDIUM
Published Jul 07, 2026
Vendor unknown

Description

GNU Wget through 1.25.0, fixed in commit 43d3ba9, contains an integer overflow vulnerability in the parse_content_range() function within src/http.c that allows server-controlled values to cause signed integer arithmetic to overflow. Attackers can supply malicious Content-Range header values to trigger undefined behavior and download desynchronization in the affected client.

References