CVE-2017-9269

CRITICAL9.8EPSS 0.64%

Published: 3/1/2018Modified: 4/28/2026

Also known as:DEBIAN-CVE-2017-9269

Description

In libzypp before August 2018 GPG keys attached to YUM repositories were not correctly pinned, allowing malicious repository mirrors to silently downgrade to unsigned repositories with potential malicious content.

Affected packages (1)

Debian/libzyppfrom 0, < 17.3.1-1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	CRITICAL9.8	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2017-9269