CVE-2006-6719

GNU wget 1.10.2 - Denial of Service via FTP SYST Command

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-6719. PoCs published by Federico L. Bossi Bonin.

AI-analyzed exploit summary: This exploit demonstrates a denial-of-service (DoS) condition in wget <= 1.10.2 by triggering an unchecked boundary condition in the FTP SYST command handling, leading to a segmentation fault. The PoC sets up a malicious FTP server that responds with a crafted SYST response to crash the wget client.

Description

The ftp_syst function in ftp-basic.c in Free Software Foundation (FSF) GNU wget 1.10.2 allows remote attackers to cause a denial of service (application crash) via a malicious FTP server with a large number of blank 220 responses to the SYST command.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by Federico L. Bossi Bonin · perl · dos · multiple
https://www.exploit-db.com/exploits/2947

Classification: Working PoC 90%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: wget <= 1.10.2
No auth needed
Prerequisites: Network access to the target · Target must initiate an FTP connection to the attacker's server
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Issue Tracking x_refsource_confirm
https://issues.rpath.com/browse/RPL-930
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/21650
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/2947
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2007:017

Scores

EPSS 0.0394
EPSS Percentile 89.1%

Details

Status published
Products (12)
gnu/wget 1.5.3
gnu/wget 1.6
gnu/wget 1.7
gnu/wget 1.7.1
gnu/wget 1.8
gnu/wget 1.8.1
gnu/wget 1.8.2
gnu/wget 1.9
gnu/wget 1.9.1
gnu/wget 1.10
... and 2 more
Published Dec 23, 2006
Tracked Since Feb 18, 2026