CVE-2017-7436

In libzypp before 20170803 it was possible to retrieve unsigned packages without a warning to the user which could lead to man in the middle or malicious servers to inject malicious RPM packages into a users system.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:opensuse:libzypp:*:*:*:*:*:*:*:*

Information

Published : 2018-03-01 12:29

Updated : 2019-10-09 16:29


NVD link : CVE-2017-7436

Mitre link : CVE-2017-7436


JSON object : View

CWE
CWE-20

Improper Input Validation

Advertisement

dedicated server usa

Products Affected

opensuse

  • libzypp