CVE-2017-7436

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2017-7436
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-7436.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2017-7436
Downstream
Related
Published
2018-03-01T20:29:00.693Z
Modified
2025-11-14T05:17:06.929565Z
Severity
  • 8.1 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

In libzypp before 20170803 it was possible to retrieve unsigned packages without a warning to the user which could lead to man in the middle or malicious servers to inject malicious RPM packages into a users system.

References

Affected packages

Git / github.com/opensuse/libzypp

Affected ranges

Type
GIT
Repo
https://github.com/opensuse/libzypp
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
934c21b05a748c2fc30b6dcdb0ed20f1ada6a9af

Affected versions

10.*

10.0.0
10.1.0
10.1.1
10.2.0
10.3.0
10.3.1
10.3.2
10.3.3
10.3.4
10.3.5

11.*

11.0.0
11.1.0
11.1.1
11.2.0
11.3.0
11.4.0
11.5.0
11.6.0
11.6.2
11.6.3
11.7.0

12.*

12.0.0
12.0.1
12.1.0
12.10.0
12.10.1
12.11.0
12.2.0
12.3.0
12.4.0
12.5.0
12.6.0
12.7.0
12.8.0
12.8.1
12.9.0

13.*

13.0.0
13.1.0
13.2.0
13.3.0
13.4.0
13.5.0
13.6.0
13.7.0

14.*

14.0.0
14.1.0
14.1.1
14.10.0
14.11.0
14.12.0
14.13.0
14.14.0
14.15.0
14.16.0
14.16.1
14.17.0
14.17.1
14.17.2
14.17.3
14.17.4
14.17.5
14.18.0
14.19.0
14.2.0
14.2.1
14.20.0
14.21.0
14.22.0
14.23.0
14.24.0
14.25.0
14.26.0
14.26.1
14.27.0
14.27.1
14.27.2
14.28.0
14.29.0
14.29.1
14.29.2
14.29.3
14.29.4
14.3.0
14.30.0
14.30.1
14.30.2
14.31.0
14.32.0
14.32.1
14.32.2
14.33.0
14.34.0
14.35.0
14.36.0
14.37.0
14.37.1
14.38.0
14.38.1
14.4.0
14.5.0
14.6.0
14.7.0
14.8.0
14.9.0

15.*

15.0.0
15.1.0
15.1.1
15.1.2
15.1.3
15.10.0
15.11.0
15.12.0
15.13.0
15.14.0
15.15.0
15.16.0
15.16.1
15.16.2
15.17.0
15.17.1
15.17.2
15.18.0
15.19.0
15.19.1
15.19.2
15.19.3
15.19.4
15.19.5
15.19.6
15.19.7
15.2.0
15.20.0
15.21.0
15.21.1
15.21.2
15.21.3
15.21.4
15.21.5
15.21.6
15.21.7
15.22.0
15.3.0
15.4.0
15.4.1
15.5.0
15.6.0
15.7.0
15.8.0
15.9.0

16.*

16.0.0
16.0.1
16.0.2
16.0.3
16.0.4
16.0.5
16.1.0
16.1.1
16.1.2
16.1.3
16.10.0
16.11.0
16.12.0
16.13.0
16.14.0
16.15.0
16.15.1
16.15.2
16.2.0
16.2.1
16.2.2
16.2.25
16.2.3
16.2.4
16.3.0
16.3.1
16.3.2
16.4.0
16.4.1
16.4.2
16.4.3
16.5.0
16.5.1
16.5.2
16.6.0
16.6.1
16.7.0
16.8.0
16.9.0

6.*

6.10.0
6.10.1
6.11.0
6.11.2
6.11.4
6.12.0
6.13.0
6.13.3
6.14.0
6.14.1
6.14.3
6.15.0
6.16.0
6.17.0
6.17.1
6.17.2
6.18.0
6.18.1
6.18.2
6.19.0
6.19.1
6.19.2
6.19.3
6.20.0
6.21.0
6.21.1
6.21.2
6.21.3
6.21.4
6.22.0
6.22.1
6.22.3
6.23.0
6.24.0
6.24.2
6.24.3
6.25.0
6.26.0
6.27.0
6.27.1
6.29.0
6.29.2
6.29.3
6.29.4
6.29.5
6.30.1
6.30.3
6.30.5
6.31.0
6.31.1
6.31.2
6.31.3
6.6.0
6.7.0
6.8.0
6.8.1
6.8.2
6.8.3
6.9.0
6.9.1
6.9.2
6.9.3

7.*

7.0.0
7.1.0
7.1.1
7.2.0
7.3.0
7.4.0
7.5.0
7.6.0
7.6.1
7.7.2
7.7.3
7.7.4
7.7.5
7.8.0

8.*

8.0.0
8.0.1
8.1.0
8.1.1
8.1.2
8.10.0
8.10.1
8.10.2
8.10.3
8.10.4
8.10.5
8.10.6
8.11.0
8.12.0
8.12.1
8.2.0
8.3.0
8.4.0
8.5.0
8.6.0
8.7.0
8.7.1
8.8.0
8.8.1
8.8.2
8.9.0

9.*

9.0.0
9.0.1
9.0.2
9.0.3
9.1.0
9.1.1
9.1.2
9.10.0
9.10.1
9.10.2
9.11.0
9.2.0
9.3.0
9.4.0
9.5.0
9.6.0
9.7.0
9.8.0
9.8.1
9.8.2
9.8.3
9.8.4
9.8.5
9.8.6
9.8.7
9.9.0
9.9.1
9.9.2

Other

BASE-SuSE-Code-11-Branch
BASE-SuSE-Code-11_2-Branch
BASE-SuSE-Code-11_3-Branch
BASE-SuSE-Code-11_4-Branch
BASE-SuSE-Code-12_1-Branch
BASE-SuSE-Code-12_2-Branch
BASE-SuSE-Code-12_3-Branch
BASE-SuSE-Code-13_1-Branch
BASE-SuSE-Linux-10_3-Branch
BASE-SuSE-Linux-11_0-Branch
BASE-SuSE-SLE-10-SP2-Branch
BASE-SuSE-SLE-11-SP2-Branch
BASE-SuSE-SLE-12-Branch
BASE-SuSE-SLE-12-SP1-Branch

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-7436.json"