CVE-2019-7443
published 2019-05-07


Priority: P348 high
CVSS 3.0: 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS: 2.35% (81.6th percentile)
KDE KAuth before 5.55 allows the passing of parameters with arbitrary types to helpers running as root over DBus via DBusHelperProxy.cpp. Certain types can cause crashes, and trigger the decoding of arbitrary images with dynamically loaded plugins. In other words, KAuth unintentionally causes this plugin code to run as root, which increases the severity of any possible exploitation of a plugin vulnerability.

Affected

10 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | kauth | < kauth 5.54.0-2 (bookworm) | kauth 5.54.0-2 (bookworm) |
| fedoraproject | fedora | | |
| fedoraproject | fedora | | |
| kde | kauth | < 5.55.0 | 5.55.0 |
| kde | kauth | >= 0 < 5.54.0-2 | 5.54.0-2 |
| kde | kauth | >= 0 < 5.54.0-2 | 5.54.0-2 |
| kde | kauth | >= 0 < 5.54.0-2 | 5.54.0-2 |
| kde | kauth | >= 0 < 5.54.0-2 | 5.54.0-2 |
| opensuse | leap | | |
| opensuse | leap | | |

CVSS provenance

nvd v3.0 8.1 HIGH CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd v2.0 9.3 CRITICAL AV:N/AC:M/Au:N/C:C/I:C/A:C
osv 8.1 HIGH
vendor_debian 8.1 HIGH