CVE-2020-26164 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	High
Remote	Yes
Type	Arbitrary code execution
Description	Several issues have been found in kdeconnect <= 20.08.1 where a remote, unauthenticated attacker on the local network can access sensitive information, crash the daemon or possibly execute arbitrary code via a use-after-free.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1241	kdeconnect	20.08.1-1	20.08.2-1	High	Fixed

Date	Advisory	Group	Package	Severity	Type
18 Oct 2020	ASA-202010-7	AVG-1241	kdeconnect	High	arbitrary code execution

References
https://www.openwall.com/lists/oss-security/2020/10/13/4 https://kde.org/info/security/advisory-20201002-1.txt

Notes
Workaround ========== We advise you to stop KDE Connect when on untrusted networks like those on airports or conferences. Since kdeconnect is dbus activated it is relatively hard to make sure it stays stopped so the brute force approach is to uninstall the kdeconnect package from your system and then run kquitapp5 kdeconnectd Just install the package again once you're back in a trusted network.

Notes

Workaround
==========

We advise you to stop KDE Connect when on untrusted networks like those on airports or conferences.

Since kdeconnect is dbus activated it is relatively hard to make sure it stays stopped so the brute
force approach is to uninstall the kdeconnect package from your system and then run
    kquitapp5 kdeconnectd
Just install the package again once you're back in a trusted network.