Lucene search
MitreCVE-2013-3704HistoryOct 28, 2013 - 10:55 p.m.
CVE-2013-3704
2013-10-2822:55:03
CWE-310
mitre
web.nvd.nist.gov
29
rpm
gpg key
libzypp
security vulnerability
cve-2013-3704
remote attack
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
6.8
Confidence
Low
EPSS
0.001
Percentile
50.5%
The RPM GPG key import and handling feature in libzypp 12.15.0 and earlier reports a different key fingerprint than the one used to sign a repository when multiple key blobs are used, which might allow remote attackers to trick users into believing that the repository was signed by a more-trustworthy key.
Affected configurations
Node
novelllibzyppRange≤12.15.0
ORnovelllibzyppMatch11.2
ORnovelllibzyppMatch11.3
ORnovelllibzyppMatch11.4
ORnovelllibzyppMatch12.1
ORnovelllibzyppMatch12.2
ORnovelllibzyppMatch12.3
| Vendor | Product | Version | CPE |
|---|---|---|---|
| novell | libzypp | * | cpe:2.3:a:novell:libzypp:*:*:*:*:*:*:*:* |
| novell | libzypp | 11.2 | cpe:2.3:a:novell:libzypp:11.2:*:*:*:*:*:*:* |
| novell | libzypp | 11.3 | cpe:2.3:a:novell:libzypp:11.3:*:*:*:*:*:*:* |
| novell | libzypp | 11.4 | cpe:2.3:a:novell:libzypp:11.4:*:*:*:*:*:*:* |
| novell | libzypp | 12.1 | cpe:2.3:a:novell:libzypp:12.1:*:*:*:*:*:*:* |
| novell | libzypp | 12.2 | cpe:2.3:a:novell:libzypp:12.2:*:*:*:*:*:*:* |
| novell | libzypp | 12.3 | cpe:2.3:a:novell:libzypp:12.3:*:*:*:*:*:*:* |
Related
prion
prion
Hardcoded credentials
2013-10-28 22:55:00
nessus
nessus
openSUSE Security Update : libzypp (openSUSE-SU-2013:1433-1)
2014-06-13 00:00:00
openSUSE Security Update : libzypp (openSUSE-SU-2013:1432-1)
2014-06-13 00:00:00
debiancve
debiancve
CVE-2013-3704
2013-10-28 22:55:03
cvelist
cvelist
CVE-2013-3704
2013-10-28 22:00:00
nvd
nvd
CVE-2013-3704
2013-10-28 22:55:03
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
6.8
Confidence
Low
EPSS
0.001
Percentile
50.5%
Related for CVE-2013-3704