CVE-2020-26164 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2020-26164

CVE-2020-26164

October 07, 2020

In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker on the local network could send crafted packets that trigger use of large amounts of CPU, memory, or network connection slots, aka a Denial of Service attack.

Related Resources (21)

https://security.gentoo.org/glsa/202101-16

https://github.com/KDE/kdeconnect-kde/commit/542d94a70c56aa386c8d4d793481ce181b0422e8

https://github.com/KDE/kdeconnect-kde/commit/8112729eb0f13e6947984416118531078e65580d

http://www.openwall.com/lists/oss-security/2020/11/30/1

https://github.com/KDE/kdeconnect-kde/commit/4fbd01a3d44a0bcca888c49a77ec7cfd10e113d7

http://www.openwall.com/lists/oss-security/2020/10/13/5

https://people.canonical.com/~ubuntu-security/cve/CVE-2020-26164

https://bugzilla.suse.com/show_bug.cgi?id=1176268

https://kdeconnect.kde.org/official/

https://github.com/KDE/kdeconnect-kde/commit/ce0f00fc2d3eccb51d0af4eba61a4f60de086a59

https://github.com/KDE/kdeconnect-kde/releases

https://security.alpinelinux.org/vuln/CVE-2020-26164

https://github.com/KDE/kdeconnect-kde/commit/613899be24b6e2a6b3e5cc719efce8ae8a122991

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00016.html

https://lists.opensuse.org/opensuse-security-announce/2020-10/msg00014.html

https://github.com/KDE/kdeconnect-kde/commit/024e5f23db8d8ad3449714b906b46094baaffb89

http://www.openwall.com/lists/oss-security/2020/10/13/4

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00018.html

https://kde.org/info/security/advisory-20201002-1.txt

https://security-tracker.debian.org/tracker/CVE-2020-26164

http://www.openwall.com/lists/oss-security/2020/10/14/1

Do you need more information?

CVSS v4

Base Score:

6.8

Attack Vector

LOCAL

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

LOW

User Interaction

NONE

Vulnerable System Confidentiality

NONE

Vulnerable System Integrity

NONE

Vulnerable System Availability

HIGH

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

CVSS v2

Base Score:

4.9

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

Weakness Type (CWE)

Uncontrolled Resource Consumption

CWE-400

EPSS

Base Score:

0.10

Products

Solutions

Resources

Company

Compare

Developer Tools