PT-2014-1879 · Kde · Kdelibs

Published: 2014-06-29 · Updated: 2024-06-15 · CVE-2014-3494

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions: kdelibs versions 4.10.95 through 4.12.5
Description: The issue concerns the POP3 kioslave in kdelibs, where it fails to properly generate warning notifications, allowing man-in-the-middle attackers to obtain sensitive information via an invalid certificate. Multiple vulnerabilities in the kdelibs package can lead to a breach of protected information, and exploitation can be carried out remotely.
Recommendations: For kdelibs versions 4.10.95 through 4.12.5, update to version 4.13.3 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive information until the update is applied.

Exploit

Fix

RCE

Information Disclosure


Weakness Enumeration

Related Identifiers

BDU:2015-09700
CVE-2014-3494
MGASA-2014-0432
OPENSUSE-SU-2024:10011-1

Affected Products

Kdelibs