CVERadar

CVE-2024-38428

Critical Severity
Vendor: Gnu
SVRS: 79/100
CVSSv3: 9.1/10
EPSS: 0.00251/1

CVE-2024-38428: GNU Wget URI Handling Vulnerability. GNU Wget versions through 1.24.5 handle semicolons in URIs improperly, which can cause user information to be misinterpreted as part of the host. An attacker can potentially use this to bypass security measures. The issue has a CVSS score of 9.1 and an SVRS of 79 and requires immediate attention; the SVRS indicates a high level of real-world risk due to observed exploit attempts. The primary risk is that malicious actors can manipulate URIs to redirect users to unintended or harmful destinations, compromising system security. The vulnerability is significant because Wget is widely used in various applications and systems.

In The Wild
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
2025-04-21

2024-06-16

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

CVE-2024-38428 | GNU wget up to 1.24.5 Semicolon url.c interpretation conflict (Nessus ID 209773)
vuldb.com, 2025-03-23
A vulnerability, which was classified as problematic, was found in GNU wget up to 1.24.5. This affects an unknown part of the file url.c of the component Semicolon Handler. The manipulation leads to interpretation conflict. This vulnerability is uniquely identified as CVE-2024-38428

CVE-2024-38428 | GNU wget up to 1.24.5 Semicolon url.c interpretation conflict
vuldb.com, 2024-10-29
A vulnerability, which was classified as problematic, was found in GNU wget up to 1.24.5. This affects an unknown part of the file url.c of the component Semicolon Handler. The manipulation leads to interpretation conflict. This vulnerability is uniquely identified as CVE-2024-38428. It is

Daily Summary - 18.06.2024
CERT.at, 2024-06-18
End-of-Day report. Timeframe: Monday 17-06-2024 18:02 - Tuesday 18-06-2024 18:02. Handler: Michael Schlagenhaufer. Co-Handler: Thomas Pribitzer. News: Hackers use F5 BIG-IP malware to stealthily steal data for years. A group of suspected Chinese cyberespionage actors named Velvet Ant are deploying custom malware on F5 BIG-IP appliances to gain a persistent connection to the internal network and steal data. https://www.bleepingcomputer.com/news/security/hackers-use-f5-big-ip-malware-to-stealthily-steal-data-for-years/

CVE-2024-38428 | GNU wget up to 1.24.5 Semicolon url.c unknown vulnerability
vuldb.com, 2024-06-16
A vulnerability, which was classified as problematic, was found in GNU wget up to 1.24.5. This affects an unknown part of the file url.c of the component Semicolon Handler. The manipulation leads to an unknown weakness. This vulnerability is uniquely identified as CVE-2024-38428. It

Social Media

The latest update for #JFrog includes "Out with the Old – Keeping Your Software Secure by Managing Dependencies" and "CVE-2024-38428 Wget Vulnerability: All you need to know". #cybersecurity #devops #CICD #Artifactory https://t.co/FRw2xpd51u
CVE-2024-38428 Wget Vulnerability: All you need to know https://t.co/Cuqonst8zJ Published By :- Goni Golan #infosec #bugbounty #TogetherWeHitHarder #inbbupdatesblogs
The latest update for #JFrog includes "CVE-2024-38428 Wget Vulnerability: All you need to know" and "Point Solutions vs Platform – Which is Best to Secure your Software #SupplyChain?". #cybersecurity #devops #CICD #Artifactory https://t.co/FRw2xpd51u
🚨 Critical vulnerability CVE-2024-38428 in wget with a CVSS score of 10.0. Affects versions <=1.24.5. Users should stop using wget immediately until a fixed version is available. #CyberSecurity #wget #CVE202438428
CVE-2024-38428 url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed … https://t.co/In8kHnkAVr

Affected Software

Configuration 1
Type | Vendor | Product
App | Gnu | wget

References

Reference | Link
[email protected] | https://git.savannah.gnu.org/cgit/wget.git/commit/?id=ed0c7c7e0e8f7298352646b2fd6e06a11e242ace
[email protected] | https://lists.gnu.org/archive/html/bug-wget/2024-06/msg00005.html

CWE Details

CWE ID | CWE Name | Description
CWE-436 | Interpretation Conflict | Product A handles inputs or steps differently than Product B, which causes A to perform incorrect actions based on its perception of B's state.
