Description
BusyBox wget through 1.3.7 accepted raw CR (0x0D)/LF (0x0A) and other C0 control bytes in the HTTP request-target (path/query), allowing the request line to be split and attacker-controlled headers to be injected. To preserve the HTTP/1.1 request-line shape METHOD SP request-target SP HTTP/1.1, a raw space (0x20) in the request-target must also be rejected (clients should use %20).
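The rule described above, as an added C example that is not BusyBox source and not the upstream patch: a request-target is refused if it contains any byte from 0x00 to 0x20, and a helper percent-encodes those bytes so a caller can send the target safely. The function names `target_is_clean`, `target_encode` and `build_request_line` are hypothetical, and the sample input is constructed.

```c
/* Added example, not BusyBox source; all function names are hypothetical. */
#include <stddef.h>
#include <stdio.h>
/* 1 if the target is non-empty with no C0 control byte (0x00-0x1F) or raw space. */
int target_is_clean(const char *t, size_t len)
{
    for (size_t i = 0; i < len; i++)
        if ((unsigned char)t[i] <= 0x20)
            return 0;
    return len > 0;
}

/* Percent-encode every byte <= 0x20; returns encoded length, -1 if out is too small. */
int target_encode(const char *t, size_t len, char *out, size_t outsz)
{
    static const char hex[] = "0123456789ABCDEF";
    size_t o = 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)t[i];
        size_t need = (c <= 0x20) ? 3 : 1;
        if (o + need >= outsz)              /* keep room for the NUL */
            return -1;
        if (need == 3) {
            out[o++] = '%';
            out[o++] = hex[c >> 4];
            c = (unsigned char)hex[c & 0x0F];
        }
        out[o++] = (char)c;
    }
    if (o >= outsz) return -1;              /* outsz == 0 with an empty target */
    out[o] = '\0';
    return (int)o;
}

/* Build "GET <target> HTTP/1.1\r\n"; -1 if the target is rejected or out is too small. */
int build_request_line(const char *t, size_t len, char *out, size_t outsz)
{
    if (!target_is_clean(t, len))
        return -1;
    int n = snprintf(out, outsz, "GET %.*s HTTP/1.1\r\n", (int)len, t);
    return (n < 0 || (size_t)n >= outsz) ? -1 : n;
}

int main(void)
{
    const char bad[] = "/a\r\nX-Injected: 1";   /* constructed sample input */
    char buf[64];
    printf("rejected=%d\n", build_request_line(bad, sizeof bad - 1, buf, sizeof buf) < 0);
    return 0;
}
```

Passing an explicit length rather than relying on NUL termination lets the check also catch an embedded 0x00 byte.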
Mitigation
Minimal update. May introduce new vulnerabilities or breaking changes.
 debian 11 | | =1:1.30.1-6 || =1:1.30.1-6+deb11u1 || =1:1.30.1-7 || =1:1.35.0-1 || =1:1.35.0-2 || =1:1.35.0-2+hurd.1 || =1:1.35.0-2+hurd.2 || =1:1.35.0-3 || =1:1.35.0-4 || =1:1.36.0-1~exp1 || =1:1.36.1-1 || =1:1.36.1-2 || =1:1.36.1-3 || =1:1.36.1-3.1 || =1:1.36.1-4 || =1:1.36.1-5 || =1:1.36.1-6 || =1:1.36.1-6~exp.1 || =1:1.36.1-7 || =1:1.36.1-8 || =1:1.36.1-9 || =1:1.37.0-1 || =1:1.37.0-10 || =1:1.37.0-10.1 || =1:1.37.0-2 || =1:1.37.0-3 || =1:1.37.0-4 || =1:1.37.0-5 || =1:1.37.0-6 || =1:1.37.0-7 || =1:1.37.0-8 || =1:1.37.0-9 | - |
 debian 12 | | =1:1.35.0-4 || =1:1.35.0-4+deb12u1 || =1:1.36.0-1~exp1 || =1:1.36.1-1 || =1:1.36.1-2 || =1:1.36.1-3 || =1:1.36.1-3.1 || =1:1.36.1-4 || =1:1.36.1-5 || =1:1.36.1-6 || =1:1.36.1-6~exp.1 || =1:1.36.1-7 || =1:1.36.1-8 || =1:1.36.1-9 || =1:1.37.0-1 || =1:1.37.0-10 || =1:1.37.0-10.1 || =1:1.37.0-2 || =1:1.37.0-3 || =1:1.37.0-4 || =1:1.37.0-5 || =1:1.37.0-6 || =1:1.37.0-7 || =1:1.37.0-8 || =1:1.37.0-9 | - |
 debian 13 | | =1:1.37.0-10 || =1:1.37.0-10.1 || =1:1.37.0-6 || =1:1.37.0-7 || =1:1.37.0-8 || =1:1.37.0-9 | - |
 debian 14 | | =1:1.37.0-6 || =1:1.37.0-7 || >=0 <1:1.37.0-8 | 1:1.37.0-8 |
 rpm rhel6 | | - | - |