GNU Wget2 Stack-Based Buffer Overflow Vulnerability in Filename Sanitization

A stack-based buffer overflow vulnerability has been identified in GNU Wget2. This issue arises in the filename sanitization process when the application handles attacker-controlled URL paths, especially with filename restriction options enabled. A remote attacker can exploit this vulnerability by sending a specially crafted URL that, when processed by Wget2, leads to memory corruption. This corruption can cause the application to crash and potentially facilitate further malicious activities.

Impact

Exploitation of this vulnerability causes memory corruption, leading to a crash of the application. However, such stack-based buffer overflows can often be exploited to execute arbitrary code, bypassing the application's security mechanisms.

Reproduction

The vulnerability can be reproduced by using Wget2 to download a file from a URL that has been crafted to exploit the buffer overflow in the filename sanitization logic. This should be done with one of the filename restriction options enabled, such as 'windows', 'unix', or 'ascii'.