VYPR
High severity7.8NVD Advisory· Published Nov 22, 2017· Updated Jun 17, 2026

CVE-2017-7501

CVE-2017-7501

Description

It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

45

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.