CVE-2017-7436
Description
In libzypp before 20170803 it was possible to retrieve unsigned packages without a warning to the user which could lead to man in the middle or malicious servers to inject malicious RPM packages into a users system.
Risk Information
Base Score
8.1
MODERATE
Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.521
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| SUSE-SU-2017:2040-1(SUSE Linux Enterprise Desktop 12-SP2 ) libzypp-16.15.2-27.21.1.x86_64.rpm | Linux |
| SUSE-SU-2017:2040-1(SUSE Linux Enterprise Desktop 12-SP2 ) libzypp-debuginfo-16.15.2-27.21.1.x86_64.rpm | Linux |
| SUSE-SU-2017:2040-1(SUSE Linux Enterprise Desktop 12-SP2 ) libzypp-debugsource-16.15.2-27.21.1.x86_64.rpm | Linux |
| SUSE-SU-2017:2040-1(SUSE Linux Enterprise Desktop 12-SP2 ) zypper-1.13.30-18.13.3.x86_64.rpm | Linux |
| SUSE-SU-2017:2040-1(SUSE Linux Enterprise Desktop 12-SP2 ) zypper-debuginfo-1.13.30-18.13.3.x86_64.rpm | Linux |
| SUSE-SU-2017:2040-1(SUSE Linux Enterprise Desktop 12-SP2 ) zypper-debugsource-1.13.30-18.13.3.x86_64.rpm | Linux |
| SUSE-SU-2017:2040-1(SUSE Linux Enterprise Desktop 12-SP2 ) zypper-log-1.13.30-18.13.3.noarch.rpm | Linux |
| SUSE-SU-2017:2264-1(SUSE Linux Enterprise Desktop 12-SP3 ) yast2-pkg-bindings-3.2.4-2.3.1.x86_64.rpm | Linux |
| SUSE-SU-2017:2264-1(SUSE Linux Enterprise Desktop 12-SP3 ) yast2-pkg-bindings-debuginfo-3.2.4-2.3.1.x86_64.rpm | Linux |
| SUSE-SU-2017:2264-1(SUSE Linux Enterprise Desktop 12-SP3 ) yast2-pkg-bindings-debugsource-3.2.4-2.3.1.x86_64.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234