What is CVE-2018-7685?

CVE-2018-7685 is a high-severity vulnerability in Suse Libzypp, classified under CWE-358. CVSS score: 7.8/10. Published 2018-08-31.

How severe is CVE-2018-7685?

High severity. CVSS v3 base score is 7.8 out of 10.

Vulnerability in Suse Libzypp

CVE-2018-7685

The decoupled download and installation steps in libzypp before 17.5.0 could lead to a corrupted RPM being left in the cache, where a later call would not display the corrupted RPM warning and allow installation, a problem caused by malici…

EPSS: 0.001 (22.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.

Affected products

Suse Libzypp — versions unspecified

Weakness classification (CWE)

CWE-358

References

bugzilla.suse.com/show_bug.cgi (x_refsource_CONFIRM)
www.suse.com/de-de/security/cve/CVE-2018-7685/ (x_refsource_MISC)
lists.suse.com/pipermail/sle-security-updates/2018-August/004510.html (x_refsource_MISC)

Frequently asked questions

What is CVE-2018-7685?: CVE-2018-7685 is a high-severity vulnerability in Suse Libzypp, classified under CWE-358. CVSS score: 7.8/10. Published 2018-08-31.
How severe is CVE-2018-7685?: High severity. CVSS v3 base score is 7.8 out of 10.