Alpine: wget: security update to 1.18-r2

high Tenable Self-Hosted Container Security Plugin ID 407609

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- The http.c:skip_short_body() function is called in some circumstances, such as when processing redirects.
When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each
chunk's length, but doesn't check that the chunk length is a non-negative number. The code then tries to
skip the chunk in pieces of 512 bytes by using the MIN() macro, but ends up passing the negative chunk
length to connect.c:fd_read(). As fd_read() takes an int argument, the high 32 bits of the chunk length
are discarded, leaving fd_read() with a completely attacker controlled length argument. (CVE-2017-13089)

- The retr.c:fd_read_body() function is called when processing OK responses. When the response is sent
chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk's length, but doesn't
check that the chunk length is a non-negative number. The code then tries to read the chunk in pieces of
8192 bytes by using the MIN() macro, but ends up passing the negative chunk length to retr.c:fd_read(). As
fd_read() takes an int argument, the high 32 bits of the chunk length are discarded, leaving fd_read()
with a completely attacker controlled length argument. The attacker can corrupt malloc metadata after the
allocated buffer. (CVE-2017-13090)

See Also

https://security.alpinelinux.org/vuln/CVE-2017-13089

https://security.alpinelinux.org/vuln/CVE-2017-13090

Plugin Details

Severity: High

ID: 407609

Version: Revision 1.25

Type: Local

Published: 10/31/2023

Updated: 7/2/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 4.9

Percentile: 57.12

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2017-13090

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 10/26/2017

Reference Information

CVE: CVE-2017-13089, CVE-2017-13090

BID: 101590, 101592