{"id":"CVE-2020-26164","details":"In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker on the local network could send crafted packets that trigger use of large amounts of CPU, memory, or network connection slots, aka a Denial of Service attack.","modified":"2026-04-16T04:36:51.473306188Z","published":"2020-10-07T19:15:12.987Z","related":["openSUSE-SU-2020:1631-1","openSUSE-SU-2020:1647-1","openSUSE-SU-2020:1650-1","openSUSE-SU-2024:10890-1"],"references":[{"type":"WEB","url":"https://kdeconnect.kde.org/official/"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2020/10/13/5"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2020/10/14/1"},{"type":"ADVISORY","url":"https://github.com/KDE/kdeconnect-kde/releases"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2020/10/13/4"},{"type":"ADVISORY","url":"https://lists.opensuse.org/opensuse-security-announce/2020-10/msg00014.html"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202101-16"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00016.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00018.html"},{"type":"ADVISORY","url":"https://kde.org/info/security/advisory-20201002-1.txt"},{"type":"REPORT","url":"https://bugzilla.suse.com/show_bug.cgi?id=1176268"},{"type":"FIX","url":"https://github.com/KDE/kdeconnect-kde/commit/ce0f00fc2d3eccb51d0af4eba61a4f60de086a59"},{"type":"FIX","url":"https://github.com/KDE/kdeconnect-kde/commit/542d94a70c56aa386c8d4d793481ce181b0422e8"},{"type":"FIX","url":"https://github.com/KDE/kdeconnect-kde/commit/4fbd01a3d44a0bcca888c49a77ec7cfd10e113d7"},{"type":"FIX","url":"https://github.com/KDE/kdeconnect-kde/commit/613899be24b6e2a6b3e5cc719efce8ae8a122991"},{"type":"FIX","url":"https://github.com/KDE/kdeconnect-kde/commit/024e5f23db8d8ad3449714b906b46094baaffb89"},{"type":"FIX","url":"https://github.com/KDE/kdeconnect-kde/commit/8112729eb0f13e6947984416118531078e65580d"},{"type":"ARTICLE","url":"http://www.openwall.com/lists/oss-security/2020/11/30/1"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/KDE/kdeconnect-kde","events":[{"introduced":"0"},{"fixed":"c58c37ac52120620b3e0cc65047ef4f6e2bedd39"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"20.08.2"}]}},{"type":"GIT","repo":"https://github.com/kde/kdeconnect-kde","events":[{"introduced":"0"},{"fixed":"024e5f23db8d8ad3449714b906b46094baaffb89"},{"fixed":"4fbd01a3d44a0bcca888c49a77ec7cfd10e113d7"},{"fixed":"542d94a70c56aa386c8d4d793481ce181b0422e8"},{"fixed":"613899be24b6e2a6b3e5cc719efce8ae8a122991"},{"fixed":"8112729eb0f13e6947984416118531078e65580d"},{"fixed":"ce0f00fc2d3eccb51d0af4eba61a4f60de086a59"}]}],"versions":["v0.3","v0.4.1","v0.4.2","v0.7","v0.7.1","v0.7.2","v0.7.3","v0.8","v1.0","v1.0.1","v1.2.1","v1.4","v20.07.80","v20.07.90","v20.08.0","v20.08.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-26164.json","vanir_signatures_modified":"2026-04-11T09:46:24Z","vanir_signatures":[{"signature_type":"Function","id":"CVE-2020-26164-3385ada3","digest":{"length":1761,"function_hash":"169212465212062186964461074275237693488"},"deprecated":false,"source":"https://github.com/kde/kdeconnect-kde/commit/ce0f00fc2d3eccb51d0af4eba61a4f60de086a59","signature_version":"v1","target":{"function":"LanLinkProvider::udpBroadcastReceived","file":"core/backends/lan/lanlinkprovider.cpp"}},{"id":"CVE-2020-26164-48753da1","deprecated":false,"target":{"function":"LanLinkProvider::newConnection","file":"core/backends/lan/lanlinkprovider.cpp"},"source":"https://github.com/kde/kdeconnect-kde/commit/024e5f23db8d8ad3449714b906b46094baaffb89","signature_type":"Function","signature_version":"v1","digest":{"length":414,"function_hash":"267951705981347858808484903518442592057"}},{"id":"CVE-2020-26164-6b431369","deprecated":false,"source":"https://github.com/kde/kdeconnect-kde/commit/4fbd01a3d44a0bcca888c49a77ec7cfd10e113d7","digest":{"threshold":0.9,"line_hashes":["48391377195153993740618960876568243315","175776086243571528490916560372142461340","36039830265806614933615408264073893033","328759303061142755284674770696617996460"]},"signature_type":"Line","signature_version":"v1","target":{"file":"core/backends/lan/lanlinkprovider.cpp"}},{"id":"CVE-2020-26164-9e0c12a5","deprecated":false,"target":{"function":"LanLinkProvider::dataReceived","file":"core/backends/lan/lanlinkprovider.cpp"},"source":"https://github.com/kde/kdeconnect-kde/commit/4fbd01a3d44a0bcca888c49a77ec7cfd10e113d7","signature_type":"Function","signature_version":"v1","digest":{"length":1853,"function_hash":"247696741698703836114735315291771006445"}},{"deprecated":false,"source":"https://github.com/kde/kdeconnect-kde/commit/8112729eb0f13e6947984416118531078e65580d","signature_type":"Function","id":"CVE-2020-26164-9e93d7ed","digest":{"length":642,"function_hash":"316889281405375350310193983773602935182"},"signature_version":"v1","target":{"function":"TestSocketLineReader::initTestCase","file":"tests/testsocketlinereader.cpp"}},{"id":"CVE-2020-26164-a00c80f2","deprecated":false,"target":{"file":"core/backends/lan/lanlinkprovider.cpp"},"source":"https://github.com/kde/kdeconnect-kde/commit/ce0f00fc2d3eccb51d0af4eba61a4f60de086a59","signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["236215070137632193616889321865338985983","9912877670252894786996957519289716466","47758015272208239110808328796153533659","31873889898361168339373623759442609441"]}},{"signature_type":"Line","id":"CVE-2020-26164-a0cac0d4","digest":{"threshold":0.9,"line_hashes":["37149656079090608530127751331248330975","181202881865311568115222253440231673602","159624639647573573099601097656073541549","331664854571936428538130908373581592578","195584099322918536794609401174306318017","324339754007837311205698310556549556206","27084404015237821391639525558259575314","36707405996746581606175894250955624998","16527501792903214545899002808025429120","297748893527612132684804122992360649646"]},"deprecated":false,"source":"https://github.com/kde/kdeconnect-kde/commit/613899be24b6e2a6b3e5cc719efce8ae8a122991","signature_version":"v1","target":{"file":"core/backends/lan/lanlinkprovider.cpp"}},{"id":"CVE-2020-26164-c51dc974","deprecated":false,"target":{"file":"core/backends/lan/lanlinkprovider.cpp"},"source":"https://github.com/kde/kdeconnect-kde/commit/024e5f23db8d8ad3449714b906b46094baaffb89","signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["169028940589971954918912565622002300997","28223910645427131072829295786657993251","222568790063777179039019421967811269686"]}},{"source":"https://github.com/kde/kdeconnect-kde/commit/8112729eb0f13e6947984416118531078e65580d","signature_type":"Function","id":"CVE-2020-26164-d26f9b6d","digest":{"length":384,"function_hash":"185096836021021651473962586013816727356"},"deprecated":false,"signature_version":"v1","target":{"function":"SocketLineReader::dataReceived","file":"core/backends/lan/socketlinereader.cpp"}},{"id":"CVE-2020-26164-e43ae852","deprecated":false,"target":{"file":"tests/testsocketlinereader.cpp"},"source":"https://github.com/kde/kdeconnect-kde/commit/8112729eb0f13e6947984416118531078e65580d","signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["214375864970925315496221467048634536281","21505395291300523390011035752460987586","262050446054780186080642476439100955917","154630449354378175085154369511824430502","57803463555813799190350710010840276254","176894328179205294973233926257086177384","147674783205895176419587583286236789680","61880892699506569551189058860269847333","19289750718046908666807396725824177804","113160262217869567472765252585728076443","36673354780080396195720850853615712593","97153726869967445041311856074591386790","143436331158208318057408793869520833636","95716145602602555041533604931804175781","310000559364219985387758388769933862318","223826035622294870523897697277028166674","25944266041702818348449265369788869423","265198597580099816829673747934277541792","190532963382171260860784736568901169646","242664381595365844111301315715397603459"]}},{"id":"CVE-2020-26164-e48fe50e","deprecated":false,"source":"https://github.com/kde/kdeconnect-kde/commit/8112729eb0f13e6947984416118531078e65580d","digest":{"threshold":0.9,"line_hashes":["290774158358827173243374493883897806488","175206950594264041446392111786975068217","142948776916198467032965063665687846573","13732332071958541691498838638111358814","163806904771138796525180206526153541090","213219602545397880225702211458981037722","88365458939181897690853542674946667547"]},"signature_type":"Line","signature_version":"v1","target":{"file":"core/backends/lan/socketlinereader.cpp"}}],"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"15.0-sp1"}]},{"events":[{"introduced":"0"},{"last_affected":"15.0-sp2"}]},{"events":[{"introduced":"0"},{"last_affected":"15.1"}]},{"events":[{"introduced":"0"},{"last_affected":"15.2"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}