Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2018-7685

Опубликовано: 31 авг. 2018
Источник: nvd
CVSS3: 7.8
CVSS3: 7.8
CVSS2: 4.6
EPSS Низкий

Описание

The decoupled download and installation steps in libzypp before 17.5.0 could lead to a corrupted RPM being left in the cache, where a later call would not display the corrupted RPM warning and allow installation, a problem caused by malicious warnings only displayed during download.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:opensuse:libzypp:*:*:*:*:*:*:*:*
Версия до 17.5.0 (исключая)

EPSS

Процентиль: 22%
0.00073
Низкий

7.8 High

CVSS3

7.8 High

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-358
CWE-347

Связанные уязвимости

ubuntu логотип

CVE-2018-7685

CVSS3: 7.8
ubuntu
больше 7 лет назад

The decoupled download and installation steps in libzypp before 17.5.0 could lead to a corrupted RPM being left in the cache, where a later call would not display the corrupted RPM warning and allow installation, a problem caused by malicious warnings only displayed during download.

debian логотип

CVE-2018-7685

CVSS3: 7.8
debian
больше 7 лет назад

The decoupled download and installation steps in libzypp before 17.5.0 ...

suse-cvrf логотип

openSUSE-SU-2018:2881-1

suse-cvrf
больше 7 лет назад

Security update for libzypp, zypper

github логотип

GHSA-mrf9-ghhp-cjff

CVSS3: 7.8
github
больше 3 лет назад

The decoupled download and installation steps in libzypp before 17.5.0 could lead to a corrupted RPM being left in the cache, where a later call would not display the corrupted RPM warning and allow installation, a problem caused by malicious warnings only displayed during download.

suse-cvrf логотип

openSUSE-SU-2018:2739-1

suse-cvrf
больше 7 лет назад

Security update for libzypp, zypper

EPSS

Процентиль: 22%
0.00073
Низкий

7.8 High

CVSS3

7.8 High

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-358
CWE-347