VDB
CVE-2019-7443
CVE-2019-7443
PUBLISHED
KDE KAuth before 5.55 allows the passing of parameters with arbitrary types to helpers running as root over DBus via DBusHelperProxy.cpp. Certain types can cause crashes, and trigger the decoding of arbitrary images with dynamically loaded plugins. In other words, KAuth unintentionally causes this plugin code to run as root, which increases the severity of any possible exploitation of a plugin vulnerability.
EPSS 3.75% · 88.2th percentile
Risk Scores
EPSS Score
3.75%
88.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:18.04:LTS | kauth | 5.42.0-0ubuntu1, 5.38.0-0ubuntu1, 5.40.0-0ubuntu1 |
| Ubuntu:Pro:16.04:LTS | kauth | 5.15.0-0ubuntu2, 5.18.0-0ubuntu1, 5.18.0-0ubuntu2 |
Exploit Intelligence
- http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00060.html (circl)
- http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00065.html (circl)
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DAWLQKTUQJOAPXOFWJQAQCA4LVM2P45F/ (circl)
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PXVUJNXB6QKGPT6YJPJSG3U2BIR5XK5Y/ (circl)
- https://cgit.kde.org/kauth.git/commit/?id=fc70fb0161c1b9144d26389434d34dd135cd3f4a (circl)
- https://bugzilla.suse.com/show_bug.cgi?id=1124863 (circl)
Timeline
- Feb 10, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2019-7443 third-party-advisory
- https://mail.kde.org/pipermail/kde-announce/2019-February/000011.html third-party-advisory
- https://cgit.kde.org/kauth.git/commit/?id=fc70fb0161c1b9144d26389434d34dd135cd3f4a third-party-advisory
- https://ubuntu.com/security/notices/USN-6035-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2019-7443 third-party-advisory