On October 26, 2017, GNU Wget announced a buffer overflow vulnerability. When Wget retrieves a specially crafted HTTP link, a malicious HTTP response can overflow a stack buffer on your host, which may result in a denial of service (DoS) or execution of malicious code. The vulnerability IDs are CVE-2017-13089 and CVE-2017-13090.
For more information about the vulnerability, see [Vulnerability notice] CVE-2017-13089 and CVE-2017-13090: Wget stack buffer overflow vulnerability.
GNU Wget announced that versions earlier than 1.19.2 are affected by this buffer overflow vulnerability. To avoid being affected, download and compile Wget version 1.19.2 or later from the official website. However, some Linux distribution package repositories, such as the CentOS repository, have backported the fix to earlier versions as patches. In that case, you do not need to upgrade Wget to version 1.19.2 or later.
Alibaba Cloud security experts have tested and verified that Wget packages at version 1.14-15.el7_4.1 or later installed from the Linux distribution repositories are not affected by this vulnerability. You can use the following hit rule in Security Center to detect the vulnerability for Wget installed from the distribution repositories:
wget version less than 1.14-15.el7_4.1
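As an added example (not from this notice or from Security Center), the same hit rule expressed as a shell check that a host owner can run locally, with the upstream 1.19.2 threshold applied to source builds. It assumes GNU sort (for -V version ordering) and an rpm-based host for the package query; the version strings in the comments are constructed test inputs.

```shell
#!/bin/sh
# Constructed example: reproduce the Security Center hit rule
# "wget version less than 1.14-15.el7_4.1" for CentOS/RHEL 7 packages and
# fall back to the upstream threshold 1.19.2 for builds compiled from source.
# Assumes GNU sort for -V (version) ordering.

FIXED_EL7="1.14-15.el7_4.1"   # CentOS/RHEL 7 package with the backported fix
FIXED_UPSTREAM="1.19.2"       # first upstream release containing the fix

# version_lt A B: succeed if A sorts strictly before B in version order
version_lt() {
    [ "$1" != "$2" ] && [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$1" ]
}

# wget_vulnerable VERSION: succeed (exit 0) if VERSION is below the fixed
# version that applies to it; distro packages are recognised by the ".el7"
# release tag (e.g. "1.14-13.el7"), anything else is treated as upstream.
wget_vulnerable() {
    case "$1" in
        *.el7*) version_lt "$1" "$FIXED_EL7" ;;
        *)      version_lt "$1" "$FIXED_UPSTREAM" ;;
    esac
}

# installed_wget_version: ask the package manager on rpm-based hosts, fall
# back to the binary's own banner for source builds, print nothing if absent.
installed_wget_version() {
    if command -v rpm >/dev/null 2>&1 && rpm -q wget >/dev/null 2>&1; then
        rpm -q --qf '%{VERSION}-%{RELEASE}\n' wget
    elif command -v wget >/dev/null 2>&1; then
        wget --version | sed -n '1s/^GNU Wget \([0-9.]*\).*/\1/p'
    fi
}

# Report on the current host
v="$(installed_wget_version)"
if [ -z "$v" ]; then
    echo "wget not installed"
elif wget_vulnerable "$v"; then
    echo "wget $v: vulnerable to CVE-2017-13089 / CVE-2017-13090"
else
    echo "wget $v: fixed"
fi
```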