{"id":"CVE-2017-7435","details":"In libzypp before 20170803 it was possible to add unsigned YUM repositories without warning to the user that could lead to man in the middle or malicious servers to inject malicious RPM packages into a users system.","modified":"2026-05-28T04:04:29.350051602Z","published":"2018-03-01T20:29:00.617Z","related":["SUSE-SU-2017:2040-1","SUSE-SU-2017:2264-1","SUSE-SU-2018:2555-1","SUSE-SU-2018:2688-1","openSUSE-SU-2024:11019-1"],"database_specific":{},"references":[{"type":"WEB","url":"https://lists.opensuse.org/opensuse-security-announce/2017-08/msg00002.html"},{"type":"WEB","url":"https://www.suse.com/de-de/security/cve/CVE-2017-7435/"},{"type":"REPORT","url":"https://bugzilla.suse.com/show_bug.cgi?id=1009127"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/opensuse/libzypp","events":[{"introduced":"0"},{"last_affected":"934c21b05a748c2fc30b6dcdb0ed20f1ada6a9af"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"last_affected":"16.15.2"}],"cpe":"cpe:2.3:a:opensuse:libzypp:*:*:*:*:*:*:*:*","source":"CPE_RANGE"}}],"versions":["16.15.2","16.15.1","16.15.0","16.14.0","16.13.0","16.12.0","16.11.0","16.10.0","16.9.0","16.8.0","16.7.0","16.6.1","16.6.0","16.5.2","16.5.1","16.5.0","16.4.3","16.4.2","16.4.1","16.4.0","16.3.2","16.3.1","16.3.0","16.2.25","16.2.4","16.2.3","16.2.2","16.2.1","16.2.0","16.1.3","16.1.2","16.1.0","16.0.5","16.0.3","16.0.0","BASE-SuSE-SLE-12-SP1-Branch","15.22.0","15.21.7","15.21.6","15.21.5","15.21.4","15.21.3","15.21.2","15.21.1","15.21.0","15.20.0","15.19.7","15.19.6","15.19.5","15.19.4","15.19.3","15.19.2","15.19.1","15.19.0","15.18.0","15.17.2","15.17.1","15.17.0","15.16.2","15.16.1","15.16.0","15.15.0","15.14.0","15.13.0","15.12.0","15.11.0","15.10.0","15.9.0","15.8.0","15.7.0","15.6.0","15.5.0","15.4.1","15.4.0","15.3.0","15.2.0","15.1.3","15.1.2","15.1.1","15.1.0","15.0.0","BASE-SuSE-SLE-12-Branch","14.38.1","14.38.0","14.37.1","14.37.0","14.36.0","14.35.0","14.34.0","14.33.0","14.32.2","14.32.1","14.32.0","14.31.0","14.30.2","14.30.1","14.30.0","14.29.4","14.29.3","14.29.2","14.29.1","14.29.0","14.28.0","14.27.2","14.27.1","14.27.0","14.26.1","14.26.0","14.25.0","14.24.0","14.23.0","14.22.0","14.21.0","14.20.0","14.19.0","14.18.0","14.17.5","14.17.4","14.17.3","14.17.2","14.17.1","14.17.0","14.16.1","14.16.0","14.15.0","14.14.0","14.13.0","14.12.0","14.11.0","14.10.0","14.9.0","14.8.0","14.7.0","14.6.0","14.5.0","14.4.0","14.3.0","14.2.1","14.2.0","14.1.1","14.1.0","BASE-SuSE-Code-13_1-Branch","14.0.0","13.7.0","13.6.0","13.5.0","13.4.0","13.3.0","13.2.0","13.1.0","13.0.0","BASE-SuSE-Code-12_3-Branch","12.11.0","12.10.1","12.10.0","12.9.0","12.8.1","12.8.0","12.7.0","12.6.0","12.5.0","12.4.0","12.3.0","12.2.0","12.1.0","12.0.1","12.0.0","BASE-SuSE-Code-12_2-Branch","11.7.0","11.6.3","11.6.2","11.6.0","11.5.0","11.4.0","11.3.0","11.2.0","11.1.1","11.1.0","BASE-SuSE-Code-12_1-Branch","11.0.0","10.3.5","10.3.4","10.3.3","10.3.2","10.3.1","10.3.0","10.2.0","10.1.1","BASE-SuSE-SLE-11-SP2-Branch","9.11.0","10.1.0","10.0.0","9.10.2","9.10.1","9.10.0","9.9.2","9.9.1","9.9.0","9.8.7","9.8.6","9.8.5","9.8.4","9.8.3","9.8.2","9.8.1","9.8.0","9.7.0","9.6.0","9.5.0","9.4.0","9.3.0","9.2.0","9.1.2","9.1.1","9.1.0","9.0.3","9.0.2","9.0.1","9.0.0","BASE-SuSE-Code-11_4-Branch","8.12.1","8.12.0","8.11.0","8.10.6","8.10.5","8.5.0","8.4.0","8.3.0","8.2.0","8.1.2","8.1.1","8.1.0","8.0.1","7.7.5","7.7.4","7.7.3","7.7.2","7.6.1","7.6.0","7.5.0","7.4.0","7.3.0","7.2.0","7.1.1","7.1.0","7.0.0","6.31.3","6.31.2","6.31.1","6.31.0","6.30.5","BASE-SuSE-Code-11_2-Branch","6.30.3","6.30.1","6.29.5","6.29.4","6.29.3","6.29.2","6.29.0","6.27.1","6.27.0","6.26.0","6.25.0","6.24.3","6.24.2","6.24.0","6.23.0","6.22.3","6.22.1","6.22.0","6.21.4","6.21.3","6.21.2","6.21.1","6.21.0","6.20.0","6.19.3","6.19.2","6.19.1","6.19.0","6.18.2","6.18.1","6.18.0","6.17.2","6.17.1","6.17.0","6.16.0","6.15.0","6.14.3","6.14.1","6.14.0","6.13.3","6.13.0","6.12.0","6.11.4","6.11.2","6.11.0","6.10.1","6.10.0","6.9.3","6.9.2","6.9.1","6.9.0","6.8.3","6.8.2","6.8.1","6.8.0","6.7.0","6.6.0","BASE-SuSE-Code-11-Branch","BASE-SuSE-Linux-11_0-Branch","BASE-SuSE-Linux-10_3-Branch","BASE-SuSE-SLE-10-SP2-Branch"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-7435.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}