{"id":"CVE-2018-7685","details":"The decoupled download and installation steps in libzypp before 17.5.0 could lead to a corrupted RPM being left in the cache, where a later call would not display the corrupted RPM warning and allow installation, a problem caused by malicious warnings only displayed during download.","modified":"2026-04-11T18:10:55.003140Z","published":"2018-08-31T15:29:00.253Z","related":["SUSE-SU-2018:2555-1","SUSE-SU-2018:2688-1","SUSE-SU-2018:2690-1","SUSE-SU-2018:2716-1","SUSE-SU-2018:2716-2","SUSE-SU-2018:2814-1","openSUSE-SU-2024:11019-1"],"references":[{"type":"WEB","url":"http://lists.suse.com/pipermail/sle-security-updates/2018-August/004510.html"},{"type":"WEB","url":"https://www.suse.com/de-de/security/cve/CVE-2018-7685/"},{"type":"REPORT","url":"https://bugzilla.suse.com/show_bug.cgi?id=1091624"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/opensuse/libzypp","events":[{"introduced":"0"},{"fixed":"14cdd394295d8e150fc73d3b26b3ce1b06a28945"}],"database_specific":{"source":"CPE_FIELD","extracted_events":[{"introduced":"0"},{"fixed":"17.5.0"}],"cpe":"cpe:2.3:a:opensuse:libzypp:*:*:*:*:*:*:*:*"}}],"versions":["10.0.0","10.1.0","10.1.1","10.2.0","10.3.0","10.3.1","10.3.2","10.3.3","10.3.4","10.3.5","11.0.0","11.1.0","11.1.1","11.2.0","11.3.0","11.4.0","11.5.0","11.6.0","11.6.2","11.6.3","11.7.0","12.0.0","12.0.1","12.1.0","12.10.0","12.10.1","12.11.0","12.2.0","12.3.0","12.4.0","12.5.0","12.6.0","12.7.0","12.8.0","12.8.1","12.9.0","13.0.0","13.1.0","13.2.0","13.3.0","13.4.0","13.5.0","13.6.0","13.7.0","14.0.0","14.1.0","14.1.1","14.10.0","14.11.0","14.12.0","14.13.0","14.14.0","14.15.0","14.16.0","14.16.1","14.17.0","14.17.1","14.17.2","14.17.3","14.17.4","14.17.5","14.18.0","14.19.0","14.2.0","14.2.1","14.20.0","14.21.0","14.22.0","14.23.0","14.24.0","14.25.0","14.26.0","14.26.1","14.27.0","14.27.1","14.27.2","14.28.0","14.29.0","14.29.1","14.29.2","14.29.3","14.29.4","14.3.0","14.30.0","14.30.1","14.30.2","14.31.0","14.32.0","14.32.1","14.32.2","14.33.0","14.34.0","14.35.0","14.36.0","14.37.0","14.37.1","14.38.0","14.38.1","14.4.0","14.5.0","14.6.0","14.7.0","14.8.0","14.9.0","15.0.0","15.1.0","15.1.1","15.1.2","15.1.3","15.10.0","15.11.0","15.12.0","15.13.0","15.14.0","15.15.0","15.16.0","15.16.1","15.16.2","15.17.0","15.17.1","15.17.2","15.18.0","15.19.0","15.19.1","15.19.2","15.19.3","15.19.4","15.19.5","15.19.6","15.19.7","15.2.0","15.20.0","15.21.0","15.21.1","15.21.2","15.21.3","15.21.4","15.21.5","15.21.6","15.21.7","15.22.0","15.3.0","15.4.0","15.4.1","15.5.0","15.6.0","15.7.0","15.8.0","15.9.0","16.0.0","16.0.3","16.0.5","16.1.0","16.1.2","16.1.3","16.10.0","16.11.0","16.12.0","16.13.0","16.14.0","16.15.0","16.15.1","16.15.2","16.15.3","16.15.4","16.15.5","16.15.6","16.16.0","16.17.0","16.17.1","16.17.2","16.17.3","16.2.0","16.2.1","16.2.2","16.2.25","16.2.3","16.2.4","16.3.0","16.3.1","16.3.2","16.4.0","16.4.1","16.4.2","16.4.3","16.5.0","16.5.1","16.5.2","16.6.0","16.6.1","16.7.0","16.8.0","16.9.0","17.0.0","17.0.1","17.0.2","17.0.3","17.0.4","17.0.5","17.1.0","17.1.1","17.1.2","17.1.3","17.2.0","17.2.1","17.2.2","17.3.0","17.3.1","17.4.0","6.10.0","6.10.1","6.11.0","6.11.2","6.11.4","6.12.0","6.13.0","6.13.3","6.14.0","6.14.1","6.14.3","6.15.0","6.16.0","6.17.0","6.17.1","6.17.2","6.18.0","6.18.1","6.18.2","6.19.0","6.19.1","6.19.2","6.19.3","6.20.0","6.21.0","6.21.1","6.21.2","6.21.3","6.21.4","6.22.0","6.22.1","6.22.3","6.23.0","6.24.0","6.24.2","6.24.3","6.25.0","6.26.0","6.27.0","6.27.1","6.29.0","6.29.2","6.29.3","6.29.4","6.29.5","6.30.1","6.30.3","6.30.5","6.31.0","6.31.1","6.31.2","6.31.3","6.6.0","6.7.0","6.8.0","6.8.1","6.8.2","6.8.3","6.9.0","6.9.1","6.9.2","6.9.3","7.0.0","7.1.0","7.1.1","7.2.0","7.3.0","7.4.0","7.5.0","7.6.0","7.6.1","7.7.2","7.7.3","7.7.4","7.7.5","8.0.1","8.1.0","8.1.1","8.1.2","8.10.5","8.10.6","8.11.0","8.12.0","8.12.1","8.2.0","8.3.0","8.4.0","8.5.0","9.0.0","9.0.1","9.0.2","9.0.3","9.1.0","9.1.1","9.1.2","9.10.0","9.10.1","9.10.2","9.11.0","9.2.0","9.3.0","9.4.0","9.5.0","9.6.0","9.7.0","9.8.0","9.8.1","9.8.2","9.8.3","9.8.4","9.8.5","9.8.6","9.8.7","9.9.0","9.9.1","9.9.2","BASE-SuSE-Code-11-Branch","BASE-SuSE-Code-11_2-Branch","BASE-SuSE-Code-11_4-Branch","BASE-SuSE-Code-12_1-Branch","BASE-SuSE-Code-12_2-Branch","BASE-SuSE-Code-12_3-Branch","BASE-SuSE-Code-13_1-Branch","BASE-SuSE-Linux-10_3-Branch","BASE-SuSE-Linux-11_0-Branch","BASE-SuSE-SLE-10-SP2-Branch","BASE-SuSE-SLE-11-SP2-Branch","BASE-SuSE-SLE-12-Branch","BASE-SuSE-SLE-12-SP1-Branch","BASE-SuSE-SLE-12-SP2-Branch"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-7685.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}