CVE-2022-23853

NameCVE-2022-23853
DescriptionThe LSP (Language Server Protocol) plugin in KDE Kate before 21.12.2 and KTextEditor before 5.91.0 tries to execute the associated LSP server binary when opening a file of a given type. If this binary is absent from the PATH, it will try running the LSP server binary in the directory of the file that was just opened (due to a misunderstanding of the QProcess API, that was never intended). This can be an untrusted directory.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs1010180

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
kate (PTS)bullseye4:20.12.2-1vulnerable
bookworm4:22.12.3-1fixed
sid, trixie4:23.08.1-1fixed
ktexteditor (PTS)bullseye5.78.0-3vulnerable
bookworm5.103.0-1.1fixed
sid, trixie5.115.0-3fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
katesource(unstable)4:21.12.2-1
ktexteditorsource(unstable)5.93.0-11010180

Notes

[bullseye] - kate <no-dsa> (Minor issue)
[buster] - kate <no-dsa> (Minor issue)
[stretch] - kate <no-dsa> (Minor issue)
[bullseye] - ktexteditor <no-dsa> (Minor issue)
[buster] - ktexteditor <no-dsa> (Minor issue)
[stretch] - ktexteditor <no-dsa> (Minor issue)
https://kde.org/info/security/advisory-20220131-1.txt
KTextEditor: Fixed by: https://commits.kde.org/ktexteditor/804e49444c093fe58ec0df2ab436565e50dc147e
KTextEditor: Fixed by: https://commits.kde.org/ktexteditor/c80f935c345de2e2fb10635202800839ca9697bf
Kate: prerequisites:
https://commits.kde.org/kate/361dd43e42994829dbdb35e78fb7698d27cbb0e2
https://commits.kde.org/kate/6fc3bf6e5bd540e842e32c4a959c2158c8573be5
https://commits.kde.org/kate/92a9c65e30b4b63b8b116eb5c8dcb1e1a2d867bc
Fixed by: https://commits.kde.org/kate/c5d66f3b70ae4778d6162564309aee95f643e7c9
Fixed by: https://commits.kde.org/kate/7e08a58fb50d28ba96aedd5f5cd79a9479b4a0ad
Search for package or bug name: Reporting problems