|Type||Arbitrary code execution|
Several issues have been found in kdeconnect <= 20.08.1 where a remote, unauthenticated attacker on the local network can access sensitive information, crash the daemon or possibly execute arbitrary code via a use-after-free.
|18 Oct 2020||ASA-202010-7||AVG-1241||kdeconnect||High||arbitrary code execution|
Workaround ========== We advise you to stop KDE Connect when on untrusted networks like those on airports or conferences. Since kdeconnect is dbus activated it is relatively hard to make sure it stays stopped so the brute force approach is to uninstall the kdeconnect package from your system and then run kquitapp5 kdeconnectd Just install the package again once you're back in a trusted network.