What is CVE-2017-9269?

CVE-2017-9269 is a high-severity vulnerability in Suse Libzypp, classified under CWE-757. CVSS score: 7.7/10. Published 2018-03-01.

How severe is CVE-2017-9269?

High severity. CVSS v3 base score is 7.7 out of 10.

Vulnerability in Suse Libzypp

CVE-2017-9269

In libzypp before August 2018 GPG keys attached to YUM repositories were not correctly pinned, allowing malicious repository mirrors to silently downgrade to unsigned repositories with potential malicious content.

EPSS: 0.006 (71.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.7 (High). Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L.

Affected products

Suse Libzypp — versions unspecified

Weakness classification (CWE)

CWE-757

References

SUSE-SU-2017:2040 (vendor-advisory, x_refsource_SUSE)
bugzilla.suse.com/show_bug.cgi (x_refsource_CONFIRM)
www.suse.com/de-de/security/cve/CVE-2017-9269/ (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2017-9269?: CVE-2017-9269 is a high-severity vulnerability in Suse Libzypp, classified under CWE-757. CVSS score: 7.7/10. Published 2018-03-01.
How severe is CVE-2017-9269?: High severity. CVSS v3 base score is 7.7 out of 10.