CVE-2019-7443

CWE-20 — Improper Input Validation9 documents7 sources

Severity

8.1HIGH

EPSS

1.6%

top 18.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

KDE Kauth Fedoraproject Fedora Opensuse Leap

Timeline

PublishedMay 7

Latest updateApr 20

Description

KDE KAuth before 5.55 allows the passing of parameters with arbitrary types to helpers running as root over DBus via DBusHelperProxy.cpp. Certain types can cause crashes, and trigger the decoding of arbitrary images with dynamically loaded plugins. In other words, KAuth unintentionally causes this plugin code to run as root, which increases the severity of any possible exploitation of a plugin vulnerability.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages3 packages

▶NVDkde/kauth< 5.55.0

▶Debiankauth< 5.54.0-2+3

▶NVDopensuse/leap15.0, 42.3+1

Also affects: Fedora 28, 29

Patches

Patch: bugzilla.suse.com ↗Patch: cgit.kde.org ↗Patch: bugzilla.suse.com ↗

🔴Vulnerability Details

GHSA

GHSA-wmpm-pm59-7mfw: KDE KAuth before 5↗2022-05-24

▶

OSV

CVE-2019-7443: KDE KAuth before 5↗2019-05-07

▶

CVEList

CVE-2019-7443: KDE KAuth before 5↗2019-05-07

▶

📋Vendor Advisories

Ubuntu

KAuth vulnerability↗2023-04-20

▶

Debian

CVE-2019-7443: kauth - KDE KAuth before 5.55 allows the passing of parameters with arbitrary types to h...↗2019

▶

💬Community

Bugzilla

CVE-2019-7443 kf5-kauth: kauth: insecure handling of arguments in helpers [epel-all]↗2020-04-23

▶

Bugzilla

CVE-2019-7443 kauth: insecure handling of arguments in helpers↗2020-04-23

▶

Bugzilla

CVE-2019-7443 kf5-kauth: kauth: insecure handling of arguments in helpers [fedora-all]↗2020-04-23

▶