CVE-2018-7685 is a vulnerability in OpenSuse Libzypp
Published on August 31, 2018
libzypp does not reevaluate malicious RPMs once downloaded
In libzypp before 17.5.0, the download and installation steps are decoupled, so a corrupted RPM could be left in the cache. Because warnings about a malicious package were displayed only during download, a later call would not display the corrupted RPM warning and would allow installation.
Weakness Type
Improperly Implemented Security Check for Standard
The software does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.
Products Associated with CVE-2018-7685
Affected Versions
SUSE libzypp: versions below 17.5.0 are affected (lower bound unspecified).
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.