CVE-2020-26164: Uncontrolled Resource Consumption in Kdeconnect

Severity
5.5 MEDIUM (NVD)
EPSS
0.1%
top 73.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Oct 7
Latest update: May 24

Description

In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker on the local network could send crafted packets that trigger use of large amounts of CPU, memory, or network connection slots, aka a Denial of Service attack.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (4 packages)

NVD: kde/kdeconnect < 20.08.2
Debian: kde/kdeconnect < 20.08.2-1 +3
NVD: opensuse/leap 15.1, 15.2 +1

Patches

🔴 Vulnerability Details (3)

GHSA
GHSA-6f3v-3c9w-7rq7: In kdeconnect-kde (aka KDE Connect) before 20 (2022-05-24)
OSV
CVE-2020-26164: In kdeconnect-kde (aka KDE Connect) before 20 (2020-10-07)
CVEList
CVE-2020-26164: In kdeconnect-kde (aka KDE Connect) before 20 (2020-10-07)

📋 Vendor Advisories (1)

Debian
CVE-2020-26164: kdeconnect - In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker on the local net... 2020

💬 Community (3)

Bugzilla
CVE-2020-26164 kde-connect: packet manipulation can be exploited in a Denial of Service attack [fedora-all] (2020-10-05)
Bugzilla
CVE-2020-26164 kde-connect: packet manipulation can be exploited in a Denial of Service attack [epel-8] (2020-10-05)
Bugzilla
CVE-2020-26164 kde-connect: packet manipulation can be exploited in a Denial of Service attack (2020-10-05)
CVE-2020-26164 — Uncontrolled Resource Consumption | cvebase