CVE-2020-26164
published 2020-10-07CVE-2020-26164: In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker on the local network could send crafted packets that trigger use of large amounts of CPU…
medium5.5CVSS 3.1
AVLACLPRLUINSUCNINAH
In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker on the local network could send crafted packets that trigger use of large amounts of CPU, memory, or network connection slots, aka a Denial of Service attack.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | kdeconnect | < kdeconnect 20.08.2-1 (bookworm) | kdeconnect 20.08.2-1 (bookworm) |
| kde | kdeconnect | < 20.08.2 | 20.08.2 |
| kde | kdeconnect | >= 0 < 20.08.2-1 | 20.08.2-1 |
| kde | kdeconnect | >= 0 < 20.08.2-1 | 20.08.2-1 |
| kde | kdeconnect | >= 0 < 20.08.2-1 | 20.08.2-1 |
| kde | kdeconnect | >= 0 < 20.08.2-1 | 20.08.2-1 |
| opensuse | backports_sle | — | — |
| opensuse | leap | — | — |
| opensuse | leap | — | — |
CVSS provenance
nvdv3.15.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
osv5.5MEDIUM