CVE-2012-0420

SUSE Zypper <1.3.20, <1.6.166 - Path Traversal

Title source: llm
STIX 2.1

Description

zypp-refresh-wrapper in SUSE Zypper before 1.3.20 and 1.6.x before 1.6.166 allows local users to create files in arbitrary directories, or possibly have unspecified other impact, via a pathname in the ZYPP_LOCKFILE_ROOT environment variable.

References (2)

Core 2
Core References
Issue Tracking x_refsource_confirm
https://bugzilla.novell.com/show_bug.cgi?id=770630

Scores

EPSS 0.0034
EPSS Percentile 25.9%

Details

Status published
Products (4)
opensuse/zypper 0.11.6
opensuse/zypper 1.0.2
opensuse/zypper 1.6.16
opensuse/zypper < 1.2.8
Published Dec 02, 2013
Tracked Since Feb 18, 2026