CVE-2018-7685
- Source
- https://cve.org/CVERecord?id=CVE-2018-7685
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-7685.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2018-7685
- Downstream
- Related
- Published
- 2018-08-31T15:29:00.253Z
- Modified
- 2026-04-11T18:10:55.003140Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
The decoupled download and installation steps in libzypp before 17.5.0 could lead to a corrupted RPM being left in the cache, where a later call would not display the corrupted RPM warning and allow installation, a problem caused by malicious warnings only displayed during download.
- References
Affected packages
Git / github.com/opensuse/libzypp
Affected ranges
- Type
- GIT
- Repo
- https://github.com/opensuse/libzypp
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Database specific
{ "source": "CPE_FIELD", "extracted_events": [ { "introduced": "0" }, { "fixed": "17.5.0" } ], "cpe": "cpe:2.3:a:opensuse:libzypp:*:*:*:*:*:*:*:*" }
Affected versions
10.*
10.0.0
10.1.0
10.1.1
10.2.0
10.3.0
10.3.1
10.3.2
10.3.3
10.3.4
10.3.5
11.*
11.0.0
11.1.0
11.1.1
11.2.0
11.3.0
11.4.0
11.5.0
11.6.0
11.6.2
11.6.3
11.7.0
12.*
12.0.0
12.0.1
12.1.0
12.10.0
12.10.1
12.11.0
12.2.0
12.3.0
12.4.0
12.5.0
12.6.0
12.7.0
12.8.0
12.8.1
12.9.0
13.*
13.0.0
13.1.0
13.2.0
13.3.0
13.4.0
13.5.0
13.6.0
13.7.0
14.*
14.0.0
14.1.0
14.1.1
14.10.0
14.11.0
14.12.0
14.13.0
14.14.0
14.15.0
14.16.0
14.16.1
14.17.0
14.17.1
14.17.2
14.17.3
14.17.4
14.17.5
14.18.0
14.19.0
14.2.0
14.2.1
14.20.0
14.21.0
14.22.0
14.23.0
14.24.0
14.25.0
14.26.0
14.26.1
14.27.0
14.27.1
14.27.2
14.28.0
14.29.0
14.29.1
14.29.2
14.29.3
14.29.4
14.3.0
14.30.0
14.30.1
14.30.2
14.31.0
14.32.0
14.32.1
14.32.2
14.33.0
14.34.0
14.35.0
14.36.0
14.37.0
14.37.1
14.38.0
14.38.1
14.4.0
14.5.0
14.6.0
14.7.0
14.8.0
14.9.0
15.*
15.0.0
15.1.0
15.1.1
15.1.2
15.1.3
15.10.0
15.11.0
15.12.0
15.13.0
15.14.0
15.15.0
15.16.0
15.16.1
15.16.2
15.17.0
15.17.1
15.17.2
15.18.0
15.19.0
15.19.1
15.19.2
15.19.3
15.19.4
15.19.5
15.19.6
15.19.7
15.2.0
15.20.0
15.21.0
15.21.1
15.21.2
15.21.3
15.21.4
15.21.5
15.21.6
15.21.7
15.22.0
15.3.0
15.4.0
15.4.1
15.5.0
15.6.0
15.7.0
15.8.0
15.9.0
16.*
16.0.0
16.0.3
16.0.5
16.1.0
16.1.2
16.1.3
16.10.0
16.11.0
16.12.0
16.13.0
16.14.0
16.15.0
16.15.1
16.15.2
16.15.3
16.15.4
16.15.5
16.15.6
16.16.0
16.17.0
16.17.1
16.17.2
16.17.3
16.2.0
16.2.1
16.2.2
16.2.25
16.2.3
16.2.4
16.3.0
16.3.1
16.3.2
16.4.0
16.4.1
16.4.2
16.4.3
16.5.0
16.5.1
16.5.2
16.6.0
16.6.1
16.7.0
16.8.0
16.9.0
17.*
17.0.0
17.0.1
17.0.2
17.0.3
17.0.4
17.0.5
17.1.0
17.1.1
17.1.2
17.1.3
17.2.0
17.2.1
17.2.2
17.3.0
17.3.1
17.4.0
6.*
6.10.0
6.10.1
6.11.0
6.11.2
6.11.4
6.12.0
6.13.0
6.13.3
6.14.0
6.14.1
6.14.3
6.15.0
6.16.0
6.17.0
6.17.1
6.17.2
6.18.0
6.18.1
6.18.2
6.19.0
6.19.1
6.19.2
6.19.3
6.20.0
6.21.0
6.21.1
6.21.2
6.21.3
6.21.4
6.22.0
6.22.1
6.22.3
6.23.0
6.24.0
6.24.2
6.24.3
6.25.0
6.26.0
6.27.0
6.27.1
6.29.0
6.29.2
6.29.3
6.29.4
6.29.5
6.30.1
6.30.3
6.30.5
6.31.0
6.31.1
6.31.2
6.31.3
6.6.0
6.7.0
6.8.0
6.8.1
6.8.2
6.8.3
6.9.0
6.9.1
6.9.2
6.9.3
7.*
7.0.0
7.1.0
7.1.1
7.2.0
7.3.0
7.4.0
7.5.0
7.6.0
7.6.1
7.7.2
7.7.3
7.7.4
7.7.5
8.*
8.0.1
8.1.0
8.1.1
8.1.2
8.10.5
8.10.6
8.11.0
8.12.0
8.12.1
8.2.0
8.3.0
8.4.0
8.5.0
9.*
9.0.0
9.0.1
9.0.2
9.0.3
9.1.0
9.1.1
9.1.2
9.10.0
9.10.1
9.10.2
9.11.0
9.2.0
9.3.0
9.4.0
9.5.0
9.6.0
9.7.0
9.8.0
9.8.1
9.8.2
9.8.3
9.8.4
9.8.5
9.8.6
9.8.7
9.9.0
9.9.1
9.9.2
Other
BASE-SuSE-Code-11-Branch
BASE-SuSE-Code-11_2-Branch
BASE-SuSE-Code-11_4-Branch
BASE-SuSE-Code-12_1-Branch
BASE-SuSE-Code-12_2-Branch
BASE-SuSE-Code-12_3-Branch
BASE-SuSE-Code-13_1-Branch
BASE-SuSE-Linux-10_3-Branch
BASE-SuSE-Linux-11_0-Branch
BASE-SuSE-SLE-10-SP2-Branch
BASE-SuSE-SLE-11-SP2-Branch
BASE-SuSE-SLE-12-Branch
BASE-SuSE-SLE-12-SP1-Branch
BASE-SuSE-SLE-12-SP2-Branch