CVE-2020-26164

EUVD-2020-18789
In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker on the local network could send crafted packets that trigger use of large amounts of CPU, memory, or network connection slots, aka a Denial of Service attack.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 26%
Affected Products (NVD)
VendorProductVersion
kdekdeconnect
𝑥
< 20.08.2
opensusebackports_sle
15.0:sp1
opensusebackports_sle
15.0:sp2
opensuseleap
15.1
opensuseleap
15.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
kdeconnect
bookworm
22.12.3-1
fixed
bullseye
20.12.3-2
fixed
buster
no-dsa
sid
23.08.5-1
fixed
stretch
no-dsa
trixie
23.08.5-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
kdeconnect
bionic
needed
focal
needed
groovy
ignored
hirsute
ignored
impish
ignored
jammy
needed
kinetic
ignored
lunar
ignored
mantic
ignored
noble
needed
trusty
dne
xenial
needed
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00016.html
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00018.html
http://www.openwall.com/lists/oss-security/2020/10/13/4
http://www.openwall.com/lists/oss-security/2020/10/13/5
http://www.openwall.com/lists/oss-security/2020/10/14/1
http://www.openwall.com/lists/oss-security/2020/11/30/1
https://bugzilla.suse.com/show_bug.cgi?id=1176268
https://github.com/KDE/kdeconnect-kde/commit/024e5f23db8d8ad3449714b906b46094baaffb89
https://github.com/KDE/kdeconnect-kde/commit/4fbd01a3d44a0bcca888c49a77ec7cfd10e113d7
https://github.com/KDE/kdeconnect-kde/commit/542d94a70c56aa386c8d4d793481ce181b0422e8
https://github.com/KDE/kdeconnect-kde/commit/613899be24b6e2a6b3e5cc719efce8ae8a122991
https://github.com/KDE/kdeconnect-kde/commit/8112729eb0f13e6947984416118531078e65580d
https://github.com/KDE/kdeconnect-kde/commit/ce0f00fc2d3eccb51d0af4eba61a4f60de086a59
https://github.com/KDE/kdeconnect-kde/releases
https://kde.org/info/security/advisory-20201002-1.txt
https://kdeconnect.kde.org/official/
https://lists.opensuse.org/opensuse-security-announce/2020-10/msg00014.html
https://security.gentoo.org/glsa/202101-16
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00016.html
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00018.html
http://www.openwall.com/lists/oss-security/2020/10/13/4
http://www.openwall.com/lists/oss-security/2020/10/13/5
http://www.openwall.com/lists/oss-security/2020/10/14/1
http://www.openwall.com/lists/oss-security/2020/11/30/1
https://bugzilla.suse.com/show_bug.cgi?id=1176268
https://github.com/KDE/kdeconnect-kde/commit/024e5f23db8d8ad3449714b906b46094baaffb89
https://github.com/KDE/kdeconnect-kde/commit/4fbd01a3d44a0bcca888c49a77ec7cfd10e113d7
https://github.com/KDE/kdeconnect-kde/commit/542d94a70c56aa386c8d4d793481ce181b0422e8
https://github.com/KDE/kdeconnect-kde/commit/613899be24b6e2a6b3e5cc719efce8ae8a122991
https://github.com/KDE/kdeconnect-kde/commit/8112729eb0f13e6947984416118531078e65580d
https://github.com/KDE/kdeconnect-kde/commit/ce0f00fc2d3eccb51d0af4eba61a4f60de086a59
https://github.com/KDE/kdeconnect-kde/releases
https://kde.org/info/security/advisory-20201002-1.txt
https://kdeconnect.kde.org/official/
https://lists.opensuse.org/opensuse-security-announce/2020-10/msg00014.html
https://security.gentoo.org/glsa/202101-16