CVE-2004-2014 still unpatched #29
Description
This vulnerability:
https://nvd.nist.gov/vuln/detail/CVE-2004-2014
was reported 20 years ago. It is still working on Wget 1.21.4
Here original details:
Fix is simple: just lock the file where Wget will write the downloaded file. A safe programming approach would be to use O_CREAT | O_EXCL when creating a file
This approach ensures that the file is created and locked atomically. If the file already exists (even as a symlink), the operation will fail.
Best,