Report
In wget's link conversion path, [REDACTED] builds a backup filename using alloca() and then copies attacker-influenced file names into it with strcpy(). When --backup-converted / --adjust-extension is used on long local filenames, the stack buffer can overflow or the stack can be exhausted, leading to a crash and potentially code execution.
bacf2c9e-bc02-4d2b-bc56-f70e853071f5
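The alloca()/strcpy() pattern described above, next to a bounded heap-based alternative. This is an added example, not wget's code or its actual fix: the helper name backup_name_checked and the MAX_BACKUP_NAME cap are assumptions, and the commented "before" sketch is a simplification of the report's description.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ORIG_SFX ".orig"       /* suffix used for --backup-converted copies */
#define MAX_BACKUP_NAME 4096   /* assumed cap; align with the platform path limit */

/* Simplified sketch of the reported pattern (comment only, not compiled):
 *
 *     char *buf = alloca(strlen(file) + sizeof(ORIG_SFX));
 *     strcpy(buf, file);
 *     strcpy(buf + strlen(file), ORIG_SFX);
 *
 * The stack allocation is sized from a name the remote side influences and
 * has no upper bound and no failure path.
 */

/* Hypothetical hardened helper: returns a malloc'd "<file>.orig", or NULL
 * when the name is missing, empty, over the cap, or memory is unavailable. */
char *backup_name_checked(const char *file)
{
    if (file == NULL)
        return NULL;

    /* Look for the terminator within the cap only; no unbounded strlen(). */
    const char *end = memchr(file, '\0', MAX_BACKUP_NAME);
    if (end == NULL)
        return NULL;

    size_t len = (size_t)(end - file);
    size_t sfx = sizeof(ORIG_SFX) - 1;
    if (len == 0 || len + sfx >= MAX_BACKUP_NAME)
        return NULL;                        /* reject rather than truncate */

    char *out = malloc(len + sfx + 1);      /* heap: failure is reportable */
    if (out == NULL)
        return NULL;

    memcpy(out, file, len);                 /* explicit lengths, no strcpy() */
    memcpy(out + len, ORIG_SFX, sfx + 1);   /* copies the trailing NUL too */
    return out;
}

int main(void)
{
    char *name = backup_name_checked("index.html");  /* constructed input */
    printf("%s\n", name ? name : "(rejected)");
    free(name);
    return 0;
}
```

The caller owns the returned buffer and should skip the backup step when NULL comes back.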