{
  "threat_severity" : "Important",
  "public_date" : "2019-04-03T00:00:00Z",
  "bugzilla" : {
    "description" : "wget: do_conversion() heap-based buffer overflow vulnerability",
    "id" : "1695679",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1695679"
  },
  "cvss3" : {
    "cvss3_base_score" : "8.8",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-119",
  "details" : [ "Buffer overflow in GNU Wget 1.20.1 and earlier allows remote attackers to cause a denial-of-service (DoS) or may execute an arbitrary code via unspecified vectors.", "A buffer overflow flaw was found in the GNU Wget in version 1.20.1 and earlier when processing Internationalized Resource Identifiers. This flaw allows an attacker to execute arbitrary code or cause a denial of service." ],
  "statement" : "This issue did not affect the versions of wget as shipped with Red Hat Enterprise Linux 5 and 6.\nThis issue affects the versions of wget as shipped with Red Hat Enterprise Linux 7.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2019-05-14T00:00:00Z",
    "advisory" : "RHSA-2019:1228",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "wget-0:1.14-18.el7_6.1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.4 Advanced Update Support",
    "release_date" : "2019-10-23T00:00:00Z",
    "advisory" : "RHSA-2019:3168",
    "cpe" : "cpe:/o:redhat:rhel_aus:7.4",
    "package" : "wget-0:1.14-15.el7_4.2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.4 Telco Extended Update Support",
    "release_date" : "2019-10-23T00:00:00Z",
    "advisory" : "RHSA-2019:3168",
    "cpe" : "cpe:/o:redhat:rhel_tus:7.4",
    "package" : "wget-0:1.14-15.el7_4.2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions",
    "release_date" : "2019-10-23T00:00:00Z",
    "advisory" : "RHSA-2019:3168",
    "cpe" : "cpe:/o:redhat:rhel_e4s:7.4",
    "package" : "wget-0:1.14-15.el7_4.2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.5 Extended Update Support",
    "release_date" : "2019-10-08T00:00:00Z",
    "advisory" : "RHSA-2019:2979",
    "cpe" : "cpe:/o:redhat:rhel_eus:7.5",
    "package" : "wget-0:1.14-16.el7_5.1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2019-05-07T00:00:00Z",
    "advisory" : "RHSA-2019:0983",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "wget-0:1.19.5-7.el8_0.1"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "wget",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "wget",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2019-5953\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-5953" ],
  "name" : "CVE-2019-5953",
  "csaw" : false
}