CVE-2018-7685

Source
https://nvd.nist.gov/vuln/detail/CVE-2018-7685
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-7685.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2018-7685
Related
Published
2018-08-31T15:29:00Z
Modified
2025-01-08T05:31:28.990926Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

The decoupled download and installation steps in libzypp before 17.5.0 could lead to a corrupted RPM being left in the cache, where a later call would not display the corrupted RPM warning and allow installation, a problem caused by malicious warnings only displayed during download.

References

Affected packages

Debian:11 / libzypp

Package

Name
libzypp
Purl
pkg:deb/debian/libzypp?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
17.6.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / libzypp

Package

Name
libzypp
Purl
pkg:deb/debian/libzypp?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
17.6.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / libzypp

Package

Name
libzypp
Purl
pkg:deb/debian/libzypp?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
17.6.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/opensuse/libzypp

Affected ranges

Type
GIT
Repo
https://github.com/opensuse/libzypp
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

10.*

10.0.0
10.1.0
10.1.1
10.2.0
10.3.0
10.3.1
10.3.2
10.3.3
10.3.4
10.3.5

11.*

11.0.0
11.1.0
11.1.1
11.2.0
11.3.0
11.4.0
11.5.0
11.6.0
11.6.2
11.6.3
11.7.0

12.*

12.0.0
12.0.1
12.1.0
12.10.0
12.10.1
12.11.0
12.2.0
12.3.0
12.4.0
12.5.0
12.6.0
12.7.0
12.8.0
12.8.1
12.9.0

13.*

13.0.0
13.1.0
13.2.0
13.3.0
13.4.0
13.5.0
13.6.0
13.7.0

14.*

14.0.0
14.1.0
14.1.1
14.10.0
14.11.0
14.12.0
14.13.0
14.14.0
14.15.0
14.16.0
14.16.1
14.17.0
14.17.1
14.17.2
14.17.3
14.17.4
14.17.5
14.18.0
14.19.0
14.2.0
14.2.1
14.20.0
14.21.0
14.22.0
14.23.0
14.24.0
14.25.0
14.26.0
14.26.1
14.27.0
14.27.1
14.27.2
14.28.0
14.29.0
14.29.1
14.29.2
14.29.3
14.29.4
14.3.0
14.30.0
14.30.1
14.30.2
14.31.0
14.32.0
14.32.1
14.32.2
14.33.0
14.34.0
14.35.0
14.36.0
14.37.0
14.37.1
14.38.0
14.38.1
14.4.0
14.5.0
14.6.0
14.7.0
14.8.0
14.9.0

15.*

15.0.0
15.1.0
15.1.1
15.1.2
15.1.3
15.10.0
15.11.0
15.12.0
15.13.0
15.14.0
15.15.0
15.16.0
15.16.1
15.16.2
15.17.0
15.17.1
15.17.2
15.18.0
15.19.0
15.19.1
15.19.2
15.19.3
15.19.4
15.19.5
15.19.6
15.19.7
15.2.0
15.20.0
15.21.0
15.21.1
15.21.2
15.21.3
15.21.4
15.21.5
15.21.6
15.21.7
15.22.0
15.3.0
15.4.0
15.4.1
15.5.0
15.6.0
15.7.0
15.8.0
15.9.0

16.*

16.0.0
16.0.1
16.0.2
16.0.3
16.0.4
16.0.5
16.1.0
16.1.1
16.1.2
16.1.3
16.10.0
16.11.0
16.12.0
16.13.0
16.14.0
16.15.0
16.15.1
16.15.2
16.15.3
16.15.4
16.15.5
16.15.6
16.16.0
16.17.0
16.17.1
16.17.2
16.17.3
16.2.0
16.2.1
16.2.2
16.2.25
16.2.3
16.2.4
16.3.0
16.3.1
16.3.2
16.4.0
16.4.1
16.4.2
16.4.3
16.5.0
16.5.1
16.5.2
16.6.0
16.6.1
16.7.0
16.8.0
16.9.0

17.*

17.0.0
17.0.1
17.0.2
17.0.3
17.0.4
17.0.5
17.1.0
17.1.1
17.1.2
17.1.3
17.2.0
17.2.1
17.2.2
17.3.0
17.3.1
17.4.0

6.*

6.10.0
6.10.1
6.11.0
6.11.2
6.11.4
6.12.0
6.13.0
6.13.3
6.14.0
6.14.1
6.14.3
6.15.0
6.16.0
6.17.0
6.17.1
6.17.2
6.18.0
6.18.1
6.18.2
6.19.0
6.19.1
6.19.2
6.19.3
6.20.0
6.21.0
6.21.1
6.21.2
6.21.3
6.21.4
6.22.0
6.22.1
6.22.3
6.23.0
6.24.0
6.24.2
6.24.3
6.25.0
6.26.0
6.27.0
6.27.1
6.29.0
6.29.2
6.29.3
6.29.4
6.29.5
6.30.1
6.30.3
6.30.5
6.31.0
6.31.1
6.31.2
6.31.3
6.6.0
6.7.0
6.8.0
6.8.1
6.8.2
6.8.3
6.9.0
6.9.1
6.9.2
6.9.3

7.*

7.0.0
7.1.0
7.1.1
7.2.0
7.3.0
7.4.0
7.5.0
7.6.0
7.6.1
7.7.2
7.7.3
7.7.4
7.7.5
7.8.0

8.*

8.0.0
8.0.1
8.1.0
8.1.1
8.1.2
8.10.0
8.10.1
8.10.2
8.10.3
8.10.4
8.10.5
8.10.6
8.11.0
8.12.0
8.12.1
8.2.0
8.3.0
8.4.0
8.5.0
8.6.0
8.7.0
8.7.1
8.8.0
8.8.1
8.8.2
8.9.0

9.*

9.0.0
9.0.1
9.0.2
9.0.3
9.1.0
9.1.1
9.1.2
9.10.0
9.10.1
9.10.2
9.11.0
9.2.0
9.3.0
9.4.0
9.5.0
9.6.0
9.7.0
9.8.0
9.8.1
9.8.2
9.8.3
9.8.4
9.8.5
9.8.6
9.8.7
9.9.0
9.9.1
9.9.2

Other

BASE-SuSE-Code-11-Branch
BASE-SuSE-Code-11_2-Branch
BASE-SuSE-Code-11_3-Branch
BASE-SuSE-Code-11_4-Branch
BASE-SuSE-Code-12_1-Branch
BASE-SuSE-Code-12_2-Branch
BASE-SuSE-Code-12_3-Branch
BASE-SuSE-Code-13_1-Branch
BASE-SuSE-Linux-10_3-Branch
BASE-SuSE-Linux-11_0-Branch
BASE-SuSE-SLE-10-SP2-Branch
BASE-SuSE-SLE-11-SP2-Branch
BASE-SuSE-SLE-12-Branch
BASE-SuSE-SLE-12-SP1-Branch
BASE-SuSE-SLE-12-SP2-Branch