Unrated severity · NVD Advisory · Published May 7, 2019 · Updated Aug 4, 2024
CVE-2019-7443
Description
KDE KAuth before 5.55 allows the passing of parameters with arbitrary types to helpers running as root over DBus via DBusHelperProxy.cpp. Certain types can cause crashes, and trigger the decoding of arbitrary images with dynamically loaded plugins. In other words, KAuth unintentionally causes this plugin code to run as root, which increases the severity of any possible exploitation of a plugin vulnerability.
Affected products (22)
- KDE/KAuth (source: description)
- osv-coords (20 versions):
  - pkg:rpm/opensuse/extra-cmake-modules&distro=openSUSE%20Leap%2015.0
  - pkg:rpm/opensuse/kauth&distro=openSUSE%20Leap%2015.0
  - pkg:rpm/opensuse/kcoreaddons&distro=openSUSE%20Leap%2015.0
  - pkg:rpm/opensuse/polkit-qt5-1&distro=openSUSE%20Leap%2015.0
  - pkg:rpm/suse/extra-cmake-modules&distro=SUSE%20Package%20Hub%2012%20SP1
  - pkg:rpm/suse/extra-cmake-modules&distro=SUSE%20Package%20Hub%2012%20SP2
  - pkg:rpm/suse/extra-cmake-modules&distro=SUSE%20Package%20Hub%2012%20SP3
  - pkg:rpm/suse/extra-cmake-modules&distro=SUSE%20Package%20Hub%2015
  - pkg:rpm/suse/kauth&distro=SUSE%20Package%20Hub%2012%20SP1
  - pkg:rpm/suse/kauth&distro=SUSE%20Package%20Hub%2012%20SP2
  - pkg:rpm/suse/kauth&distro=SUSE%20Package%20Hub%2012%20SP3
  - pkg:rpm/suse/kauth&distro=SUSE%20Package%20Hub%2015
  - pkg:rpm/suse/kcoreaddons&distro=SUSE%20Package%20Hub%2012%20SP1
  - pkg:rpm/suse/kcoreaddons&distro=SUSE%20Package%20Hub%2012%20SP2
  - pkg:rpm/suse/kcoreaddons&distro=SUSE%20Package%20Hub%2012%20SP3
  - pkg:rpm/suse/kcoreaddons&distro=SUSE%20Package%20Hub%2015
  - pkg:rpm/suse/polkit-qt5-1&distro=SUSE%20Package%20Hub%2012%20SP1
  - pkg:rpm/suse/polkit-qt5-1&distro=SUSE%20Package%20Hub%2012%20SP2
  - pkg:rpm/suse/polkit-qt5-1&distro=SUSE%20Package%20Hub%2012%20SP3
  - pkg:rpm/suse/polkit-qt5-1&distro=SUSE%20Package%20Hub%2015
- (no CPE) range: < 5.32.0-7.2
- (no CPE) range: < 5.45.0-bp150.5.2
- (no CPE) range: < 5.45.0-bp150.3.6.2
- (no CPE) range: < 0.112.0-5.2
- (no CPE) range: < 5.32.0-7.2
- (no CPE) range: < 5.32.0-7.2
- (no CPE) range: < 5.32.0-7.2
- (no CPE) range: < 5.32.0-7.2
- (no CPE) range: < 5.45.0-bp150.5.2
- (no CPE) range: < 5.45.0-bp150.5.2
- (no CPE) range: < 5.45.0-bp150.5.2
- (no CPE) range: < 5.45.0-bp150.5.2
- (no CPE) range: < 5.45.0-bp150.3.6.2
- (no CPE) range: < 5.45.0-bp150.3.6.2
- (no CPE) range: < 5.45.0-bp150.3.6.2
- (no CPE) range: < 5.45.0-bp150.3.6.2
- (no CPE) range: < 0.112.0-5.2
- (no CPE) range: < 0.112.0-5.2
- (no CPE) range: < 0.112.0-5.2
- (no CPE) range: < 0.112.0-5.2
References (6)
- lists.opensuse.org/opensuse-security-announce/2019-02/msg00060.html (mitre, x_refsource_MISC)
- lists.opensuse.org/opensuse-security-announce/2019-02/msg00065.html (mitre, x_refsource_MISC)
- bugzilla.suse.com/show_bug.cgi (mitre, x_refsource_CONFIRM)
- cgit.kde.org/kauth.git/commit/ (mitre, x_refsource_MISC)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DAWLQKTUQJOAPXOFWJQAQCA4LVM2P45F/ (mitre, x_refsource_MISC)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PXVUJNXB6QKGPT6YJPJSG3U2BIR5XK5Y/ (mitre, x_refsource_MISC)