KDE Project Security Advisory
||KDE Connect: packet manipulation can be exploited in a Denial of Service attack
||kdeconnect <= 20.08.1
||Albert Vaca Cintora <email@example.com>
||2 October 2020
An attacker on your local network could send maliciously crafted
packets to other hosts running kdeconnect on the network, causing
them to use large amounts of CPU, memory or network connections,
which could be used in a Denial of Service attack within the
Computers that run kdeconnect are susceptible to DoS attacks from
the local network.
We advise you to stop KDE Connect when on untrusted networks like
those on airports or conferences.
Since kdeconnect is dbus activated it is relatively hard to make
sure it stays stopped so the brute force approach is to uninstall
the kdeconnect package from your system and then run
Just install the package again once you're back in a trusted
KDE Connect 20.08.2 patches several code paths that could result
in a DoS.
You can apply these patches on top of 20.08.1:
Thanks Matthias Gerstner and the openSUSE security team for
reporting the issue.
Thanks to Aleix Pol, Nicolas Fella and Albert Vaca Cintora for the