5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
6.5 Medium
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
69.5%
zypp-refresh-patches in zypper in SUSE openSUSE 10.2, 10.3, and 11.0 does not ask the user before accepting repository keys, which allows remote repositories to cause a denial of service (package data corruption) via a spoofed key.
CPE | Name | Operator | Version |
---|---|---|---|
opensuse:zypper | opensuse zypper | eq | 10.2 |
opensuse:zypper | opensuse zypper | eq | 10.3 |
opensuse:zypper | opensuse zypper | eq | 11.0 |
More