CVE-2018-7685

Summary

The decoupled download and installation steps in libzypp before 17.5.0 could lead to a corrupted RPM being left in the cache, where a later call would not display the corrupted RPM warning and allow installation, a problem caused by malicious warnings only displayed during download.

Affected Software

VendorProductVersion RangeStatus
SUSElibzyppunspecified < 17.5.0affected

Weaknesses

  • CWE-358: CWE-358

ADP Enrichment

CVE Program Container

Additional References

References