kdeconnect: packet manipulation can be exploited in a Denial of Service attack (CVE-2020-26164)
In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker on the local network could send crafted packets that trigger use of large amounts of CPU, memory, or network connection slots, aka a Denial of Service attack.
Fixed In Version:
kdeconnect 20.08.2
References:
- https://kde.org/info/security/advisory-20201002-1.txt
- https://security-tracker.debian.org/tracker/CVE-2020-26164
Affected branches:
-
master -
3.12-stable
Edited by Leo