8 vulnerabilities found for Kea by ISC
CVE-2025-11232 (GCVE-0-2025-11232)
Vulnerability from cvelistv5 – Published: 2025-10-29 18:02 – Updated: 2025-11-04 21:09
Title
Invalid characters cause assert
Summary
To trigger the issue, three configuration parameters must have specific settings: "hostname-char-set" must be left at the default setting, which is "[^A-Za-z0-9.-]"; "hostname-char-replacement" must be empty (the default); and "ddns-qualifying-suffix" must *NOT* be empty (the default is empty). DDNS updates do not need to be enabled for this issue to manifest. A client that sends certain option content would then cause kea-dhcp4 to exit unexpectedly.
This issue affects Kea version 3.0.1 and versions 3.1.1 through 3.1.2.
Severity ?
7.5 (High)
CWE
- CWE-823 - Use of Out-of-range Pointer Offset
Assigner
References
Impacted products
Credits
ISC would like to thank Siniša Uskoković and Ralf Steuer from Vienna University of Economics and Business for bringing this vulnerability to our attention.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11232",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-29T18:22:07.119804Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-29T18:22:23.455Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T21:09:09.184Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/10/29/5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Kea",
"vendor": "ISC",
"versions": [
{
"lessThanOrEqual": "3.0.1",
"status": "affected",
"version": "3.0.1",
"versionType": "custom"
},
{
"lessThanOrEqual": "3.1.2",
"status": "affected",
"version": "3.1.1",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.6.4",
"status": "unaffected",
"version": "2.6.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.7.9",
"status": "unaffected",
"version": "2.7.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "3.0.0",
"status": "unaffected",
"version": "3.0.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "3.1.0",
"status": "unaffected",
"version": "3.1.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "ISC would like to thank Sini\u0161a Uskokovi\u0107 and Ralf Steuer from Vienna University of Economics and Business for bringing this vulnerability to our attention."
}
],
"datePublic": "2025-10-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "To trigger the issue, three configuration parameters must have specific settings: \"hostname-char-set\" must be left at the default setting, which is \"[^A-Za-z0-9.-]\"; \"hostname-char-replacement\" must be empty (the default); and \"ddns-qualifying-suffix\" must *NOT* be empty (the default is empty). DDNS updates do not need to be enabled for this issue to manifest. A client that sends certain option content would then cause kea-dhcp4 to exit unexpectedly.\nThis issue affects Kea versions 3.0.1 through 3.0.1 and 3.1.1 through 3.1.2."
}
],
"exploits": [
{
"lang": "en",
"value": "We are not aware of any active exploits."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "A denial of service from the repeated attacks against the Kea server"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-823",
"description": "CWE-823 Use of Out-of-range Pointer Offset",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-29T18:02:39.421Z",
"orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"shortName": "isc"
},
"references": [
{
"name": "CVE-2025-11232",
"tags": [
"vendor-advisory"
],
"url": "https://kb.isc.org/docs/cve-2025-11232"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to the patched release most closely related to your current version of Kea: 3.0.2 or 3.1.3."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Invalid characters cause assert",
"workarounds": [
{
"lang": "en",
"value": "Setting \"hostname-char-replacement\" to anything other than an empty value (suggestion: \"x\") is an effective workaround to this issue, regardless of other settings."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"assignerShortName": "isc",
"cveId": "CVE-2025-11232",
"datePublished": "2025-10-29T18:02:39.421Z",
"dateReserved": "2025-10-01T15:15:46.992Z",
"dateUpdated": "2025-11-04T21:09:09.184Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-40779 (GCVE-0-2025-40779)
Vulnerability from cvelistv5 – Published: 2025-08-27 20:23 – Updated: 2025-11-04 21:10
Title
Kea crash upon interaction between specific client options and subnet selection
Summary
If a DHCPv4 client sends a request with some specific options, and Kea fails to find an appropriate subnet for the client, the `kea-dhcp4` process will abort with an assertion failure. This happens only if the client request is unicast directly to Kea; broadcast messages do not cause the problem.
This issue affects Kea versions 2.7.1 through 2.7.9, 3.0.0, and 3.1.0.
Severity ?
7.5 (High)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
Impacted products
Credits
ISC would like to thank the following for bringing this vulnerability to our attention:
* Jochen M.
* Martin Dinev, Trading212
* Ashwani Kumar, Post Graduate Institute of Medical Education & Research, Chandigarh, India
* Bret Giddings, University of Essex
* Florian Ritterhoff, Munich University of Applied Sciences
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-40779",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-28T14:07:45.683079Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T14:08:05.935Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T21:10:15.428Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/08/27/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Kea",
"vendor": "ISC",
"versions": [
{
"lessThanOrEqual": "2.7.9",
"status": "affected",
"version": "2.7.1",
"versionType": "custom"
},
{
"status": "affected",
"version": "3.0.0"
},
{
"status": "affected",
"version": "3.1.0"
},
{
"lessThanOrEqual": "2.6.4",
"status": "unaffected",
"version": "2.6.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "ISC would like to thank the following for bringing this vulnerability to our attention:\n\n* Jochen M.\n* Martin Dinev, Trading212\n* Ashwani Kumar, Post Graduate Institute of Medical Education \u0026 Research, Chandigarh, India\n* Bret Giddings, University of Essex\n* Florian Ritterhoff, Munich University of Applied Sciences"
}
],
"datePublic": "2025-08-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "If a DHCPv4 client sends a request with some specific options, and Kea fails to find an appropriate subnet for the client, the `kea-dhcp4` process will abort with an assertion failure. This happens only if the client request is unicast directly to Kea; broadcast messages do not cause the problem.\nThis issue affects Kea versions 2.7.1 through 2.7.9, 3.0.0, and 3.1.0."
}
],
"exploits": [
{
"lang": "en",
"value": "We are not aware of any active exploits."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Denial of service. A malicious or misconfigured DHCP client can crash the Kea DHCPv4 service by sending a single packet."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T20:23:29.489Z",
"orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"shortName": "isc"
},
"references": [
{
"name": "CVE-2025-40779",
"tags": [
"vendor-advisory"
],
"url": "https://kb.isc.org/docs/cve-2025-40779"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to the patched release most closely related to your current version of Kea: 3.0.1 or 3.1.1."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Kea crash upon interaction between specific client options and subnet selection",
"workarounds": [
{
"lang": "en",
"value": "No workarounds known."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"assignerShortName": "isc",
"cveId": "CVE-2025-40779",
"datePublished": "2025-08-27T20:23:29.489Z",
"dateReserved": "2025-04-16T08:44:49.857Z",
"dateUpdated": "2025-11-04T21:10:15.428Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-32803 (GCVE-0-2025-32803)
Vulnerability from cvelistv5 – Published: 2025-05-28 17:08 – Updated: 2025-05-28 17:28
Title
Insecure file permissions can result in confidential information leakage
Summary
In some cases, Kea log files or lease files may be world-readable.
This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through 2.6.2, and 2.7.0 through 2.7.8.
Severity ?
4 (Medium)
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
Impacted products
Credits
ISC would like to thank Matthias Gerstner from the SUSE security team for bringing this vulnerability to our attention.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-32803",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-28T17:28:47.543925Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-28T17:28:58.513Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Kea",
"vendor": "ISC",
"versions": [
{
"lessThanOrEqual": "2.4.1",
"status": "affected",
"version": "2.4.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.6.2",
"status": "affected",
"version": "2.6.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.7.8",
"status": "affected",
"version": "2.7.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "ISC would like to thank Matthias Gerstner from the SUSE security team for bringing this vulnerability to our attention."
}
],
"datePublic": "2025-05-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In some cases, Kea log files or lease files may be world-readable.\nThis issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through 2.6.2, and 2.7.0 through 2.7.8."
}
],
"exploits": [
{
"lang": "en",
"value": "We are not aware of any active exploits."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "If an attacker has access to a local unprivileged user account, they would be able to read the logs and/or lease information. This might disclose details about DHCP clients (MAC addresses, hostnames, IP addresses, configuration details, and so on), or about Kea itself."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-28T17:08:20.769Z",
"orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"shortName": "isc"
},
"references": [
{
"name": "CVE-2025-32803",
"tags": [
"vendor-advisory"
],
"url": "https://kb.isc.org/docs/cve-2025-32803"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to the patched release most closely related to your current version of Kea: 2.4.2, 2.6.3, or 2.7.9."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Insecure file permissions can result in confidential information leakage",
"workarounds": [
{
"lang": "en",
"value": "It is possible to work around this problem by ensuring that the directories that contain the logs and lease files are only accessible to trusted users."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"assignerShortName": "isc",
"cveId": "CVE-2025-32803",
"datePublished": "2025-05-28T17:08:20.769Z",
"dateReserved": "2025-04-10T12:51:45.056Z",
"dateUpdated": "2025-05-28T17:28:58.513Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-32802 (GCVE-0-2025-32802)
Vulnerability from cvelistv5 – Published: 2025-05-28 17:08 – Updated: 2025-05-28 17:23
Title
Insecure handling of file paths allows multiple local attacks
Summary
Kea configuration and API directives can be used to overwrite arbitrary files, subject to permissions granted to Kea. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths.
This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through 2.6.2, and 2.7.0 through 2.7.8.
Severity ?
6.1 (Medium)
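CWE
- CWE-73 - External Control of File Name or Path
- CWE-379 - Creation of Temporary File in Directory with Insecure Permissions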
Assigner
References
Impacted products
Credits
ISC would like to thank Matthias Gerstner from the SUSE security team for bringing this vulnerability to our attention.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-32802",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-28T17:23:10.150529Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-28T17:23:22.213Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Kea",
"vendor": "ISC",
"versions": [
{
"lessThanOrEqual": "2.4.1",
"status": "affected",
"version": "2.4.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.6.2",
"status": "affected",
"version": "2.6.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.7.8",
"status": "affected",
"version": "2.7.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "ISC would like to thank Matthias Gerstner from the SUSE security team for bringing this vulnerability to our attention."
}
],
"datePublic": "2025-05-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Kea configuration and API directives can be used to overwrite arbitrary files, subject to permissions granted to Kea. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths.\nThis issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through 2.6.2, and 2.7.0 through 2.7.8."
}
],
"exploits": [
{
"lang": "en",
"value": "We are not aware of any active exploits."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "If an attacker has access to a local unprivileged user account, and the Kea API entry points are not secured, the attacker can use the API to arbitrarily modify Kea\u0027s configuration or to overwrite any file Kea has write access to. If Kea is running as root, the attacker could overwrite any local file. This can lead to local privilege escalation and/or system-wide denial of service. If control sockets are placed in an insecure location, any local user may be able to impersonate a Kea service or prevent the real Kea service from starting."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "CWE-73 External Control of File Name or Path",
"lang": "en",
"type": "CWE"
},
{
"cweId": "CWE-379",
"description": "CWE-379 Creation of Temporary File in Directory with Insecure Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-28T17:08:11.180Z",
"orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"shortName": "isc"
},
"references": [
{
"name": "CVE-2025-32802",
"tags": [
"vendor-advisory"
],
"url": "https://kb.isc.org/docs/cve-2025-32802"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to the patched release most closely related to your current version of Kea: 2.4.2, 2.6.3, or 2.7.9."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Insecure handling of file paths allows multiple local attacks",
"workarounds": [
{
"lang": "en",
"value": "Two mitigation approaches are possible: (1) Disable the API entirely, by (1a) disabling the `kea-ctrl-agent`, and (1b) removing any `\"control-socket\"` stanzas from the Kea configuration files; or (2) Secure access to the API by (2a) requiring authentication (a password or client certificate) for the `kea-ctrl-agent`, and (2b) configuring all `\"control-socket\"` stanzas to use a directory restricted to only trusted users."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"assignerShortName": "isc",
"cveId": "CVE-2025-32802",
"datePublished": "2025-05-28T17:08:11.180Z",
"dateReserved": "2025-04-10T12:51:45.055Z",
"dateUpdated": "2025-05-28T17:23:22.213Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-32801 (GCVE-0-2025-32801)
Vulnerability from cvelistv5 – Published: 2025-05-28 17:03 – Updated: 2025-05-28 17:33
Title
Loading a malicious hook library can lead to local privilege escalation
Summary
Kea configuration and API directives can be used to load a malicious hook library. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths.
This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through 2.6.2, and 2.7.0 through 2.7.8.
Severity ?
7.8 (High)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
Impacted products
Credits
ISC would like to thank Matthias Gerstner from the SUSE security team and Laura Pardo from Red Hat's Product Security Team for bringing this vulnerability to our attention.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-32801",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-28T17:33:36.266136Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-28T17:33:50.355Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Kea",
"vendor": "ISC",
"versions": [
{
"lessThanOrEqual": "2.4.1",
"status": "affected",
"version": "2.4.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.6.2",
"status": "affected",
"version": "2.6.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.7.8",
"status": "affected",
"version": "2.7.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "ISC would like to thank Matthias Gerstner from the SUSE security team and Laura Pardo from Red Hat\u0027s Product Security Team for bringing this vulnerability to our attention."
}
],
"datePublic": "2025-05-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Kea configuration and API directives can be used to load a malicious hook library. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths.\nThis issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through 2.6.2, and 2.7.0 through 2.7.8."
}
],
"exploits": [
{
"lang": "en",
"value": "We are not aware of any active exploits."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "If an attacker has access to a local unprivileged user account, and the Kea API entry points are not secured, the attacker can instruct Kea to load a hook library from an arbitrary local file (including a file introduced by the attacker). The malicious hook would execute with the privileges available to Kea."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-28T17:03:34.499Z",
"orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"shortName": "isc"
},
"references": [
{
"name": "CVE-2025-32801",
"tags": [
"vendor-advisory"
],
"url": "https://kb.isc.org/docs/cve-2025-32801"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to the patched release most closely related to your current version of Kea: 2.4.2, 2.6.3, or 2.7.9."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Loading a malicious hook library can lead to local privilege escalation",
"workarounds": [
{
"lang": "en",
"value": "Two mitigation approaches are possible: (1) Disable the Kea API entirely, by (1a) disabling the `kea-ctrl-agent`, and (1b) removing any `\"control-socket\"` stanzas from the Kea configuration files; or (2) Secure access to the API by (2a) requiring authentication (a password or client certificate) for the `kea-ctrl-agent`, and (2b) configuring all `\"control-socket\"` stanzas to use a directory restricted to only trusted users."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"assignerShortName": "isc",
"cveId": "CVE-2025-32801",
"datePublished": "2025-05-28T17:03:34.499Z",
"dateReserved": "2025-04-10T12:51:45.055Z",
"dateUpdated": "2025-05-28T17:33:50.355Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-6474 (GCVE-0-2019-6474)
Vulnerability from cvelistv5 – Published: 2019-10-16 17:22 – Updated: 2024-09-16 22:19
Title
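A packet containing a malformed DUID can cause the kea-dhcp6 server to terminate (title as published in the CVE record; it does not match the summary below, which describes invalid leases in lease storage preventing a restart and mentions neither a DUID nor kea-dhcp6)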
Summary
A missing check on incoming client requests can be exploited to cause a situation where the Kea server's lease storage contains leases which are rejected as invalid when the server tries to load leases from storage on restart. If the number of such leases exceeds a hard-coded limit in the Kea code, a server trying to restart will conclude that there is a problem with its lease store and give up. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2
Severity ?
5.7 (Medium)
CWE
- No CWE identifier is given in the record; the problem type is free text: Only Kea servers which use memfile storage for leases are affected by this vulnerability. An attacker can exploit the missing check to deliberately create a situation where the server will not restart properly should it stop for any reason.
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:23:20.976Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.isc.org/docs/cve-2019-6474"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kea",
"vendor": "ISC",
"versions": [
{
"status": "affected",
"version": "1.4.0 to 1.5.0"
},
{
"status": "affected",
"version": "1.6.0-beta1"
},
{
"status": "affected",
"version": "1.6.0-beta2"
}
]
}
],
"datePublic": "2019-08-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A missing check on incoming client requests can be exploited to cause a situation where the Kea server\u0027s lease storage contains leases which are rejected as invalid when the server tries to load leases from storage on restart. If the number of such leases exceeds a hard-coded limit in the Kea code, a server trying to restart will conclude that there is a problem with its lease store and give up. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Only Kea servers which use memfile storage for leases are affected by this vulnerability. An attacker can exploit the missing check to deliberately create a situation where the server will not restart properly should it stop for any reason.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-16T17:22:16.000Z",
"orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"shortName": "isc"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.isc.org/docs/cve-2019-6474"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to a version of Kea containing a fix, available via\n https://www.isc.org/downloads.\n\n - Kea 1.4.0-P2\n - Kea 1.5.0-P1\n - Kea 1.6.0"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "A packet containing a malformed DUID can cause the kea-dhcp6 server to terminate",
"x_generator": {
"engine": "Vulnogram 0.0.8"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-officer@isc.org",
"DATE_PUBLIC": "2019-08-28T21:08:56.000Z",
"ID": "CVE-2019-6474",
"STATE": "PUBLIC",
"TITLE": "A packet containing a malformed DUID can cause the kea-dhcp6 server to terminate"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kea",
"version": {
"version_data": [
{
"version_value": "1.4.0 to 1.5.0"
},
{
"version_value": "1.6.0-beta1"
},
{
"version_value": "1.6.0-beta2"
}
]
}
}
]
},
"vendor_name": "ISC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A missing check on incoming client requests can be exploited to cause a situation where the Kea server\u0027s lease storage contains leases which are rejected as invalid when the server tries to load leases from storage on restart. If the number of such leases exceeds a hard-coded limit in the Kea code, a server trying to restart will conclude that there is a problem with its lease store and give up. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.8"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Only Kea servers which use memfile storage for leases are affected by this vulnerability. An attacker can exploit the missing check to deliberately create a situation where the server will not restart properly should it stop for any reason."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.isc.org/docs/cve-2019-6474",
"refsource": "CONFIRM",
"url": "https://kb.isc.org/docs/cve-2019-6474"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to a version of Kea containing a fix, available via\n https://www.isc.org/downloads.\n\n - Kea 1.4.0-P2\n - Kea 1.5.0-P1\n - Kea 1.6.0"
}
],
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"assignerShortName": "isc",
"cveId": "CVE-2019-6474",
"datePublished": "2019-10-16T17:22:16.767Z",
"dateReserved": "2019-01-16T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:19:36.160Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-6473 (GCVE-0-2019-6473)
Vulnerability from cvelistv5 – Published: 2019-10-16 17:22 – Updated: 2024-09-16 22:30
Title
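A packet containing a malformed DUID can cause the kea-dhcp6 server to terminate (title as published in the CVE record; it does not match the summary below, which describes an invalid hostname option causing kea-dhcp4 to exit)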
Summary
An invalid hostname option can trigger an assertion failure in the Kea DHCPv4 server process (kea-dhcp4), causing the server process to exit. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2.
Severity ?
6.5 (Medium)
CWE
- No CWE identifier is given in the record; the problem type is free text: An attacker who is able to deliberately exploit this vulnerability can cause the kea-dhcp4 server to stop executing, resulting in denial of service to clients. Only the DHCPv4 service is affected by this vulnerability.
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:23:20.955Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.isc.org/docs/cve-2019-6473"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kea",
"vendor": "ISC",
"versions": [
{
"status": "affected",
"version": "1.4.0 to 1.5.0"
},
{
"status": "affected",
"version": "1.6.0-beta1"
},
{
"status": "affected",
"version": "1.6.0-beta2"
}
]
}
],
"datePublic": "2019-08-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An invalid hostname option can trigger an assertion failure in the Kea DHCPv4 server process (kea-dhcp4), causing the server process to exit. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An attacker who is able to deliberately exploit this vulnerability can cause the kea-dhcp4 server to stop executing, resulting in denial of service to clients. Only the DHCPv4 service is affected by this vulnerability.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-16T17:22:16.000Z",
"orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"shortName": "isc"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.isc.org/docs/cve-2019-6473"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to a version of Kea containing a fix, available via\n https://www.isc.org/downloads.\n\n - Kea 1.4.0-P2\n - Kea 1.5.0-P1\n - Kea 1.6.0"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "A packet containing a malformed DUID can cause the kea-dhcp6 server to terminate",
"x_generator": {
"engine": "Vulnogram 0.0.8"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-officer@isc.org",
"DATE_PUBLIC": "2019-08-28T21:08:49.000Z",
"ID": "CVE-2019-6473",
"STATE": "PUBLIC",
"TITLE": "A packet containing a malformed DUID can cause the kea-dhcp6 server to terminate"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kea",
"version": {
"version_data": [
{
"version_value": "1.4.0 to 1.5.0"
},
{
"version_value": "1.6.0-beta1"
},
{
"version_value": "1.6.0-beta2"
}
]
}
}
]
},
"vendor_name": "ISC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An invalid hostname option can trigger an assertion failure in the Kea DHCPv4 server process (kea-dhcp4), causing the server process to exit. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.8"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "An attacker who is able to deliberately exploit this vulnerability can cause the kea-dhcp4 server to stop executing, resulting in denial of service to clients. Only the DHCPv4 service is affected by this vulnerability."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.isc.org/docs/cve-2019-6473",
"refsource": "CONFIRM",
"url": "https://kb.isc.org/docs/cve-2019-6473"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to a version of Kea containing a fix, available via\n https://www.isc.org/downloads.\n\n - Kea 1.4.0-P2\n - Kea 1.5.0-P1\n - Kea 1.6.0"
}
],
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"assignerShortName": "isc",
"cveId": "CVE-2019-6473",
"datePublished": "2019-10-16T17:22:16.730Z",
"dateReserved": "2019-01-16T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:30:41.265Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-6472 (GCVE-0-2019-6472)
Vulnerability from cvelistv5 – Published: 2019-10-16 17:22 – Updated: 2024-09-17 03:58
Title
A packet containing a malformed DUID can cause the kea-dhcp6 server to terminate
Summary
A packet containing a malformed DUID can cause the Kea DHCPv6 server process (kea-dhcp6) to exit due to an assertion failure. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2.
Severity ?
6.5 (Medium)
CWE
- An attacker who is able to send a request containing a malformed DUID to the server (either directly or via a relay) can cause the DHCPv6 server process to terminate, denying service to clients. Only the DHCPv6 service is affected by this vulnerability.
Assigner
References
| URL | Tags |
|---|---|
| https://kb.isc.org/docs/cve-2019-6472 | x_refsource_CONFIRM |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:23:21.464Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.isc.org/docs/cve-2019-6472"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kea",
"vendor": "ISC",
"versions": [
{
"status": "affected",
"version": "1.4.0 to 1.5.0"
},
{
"status": "affected",
"version": "1.6.0-beta1"
},
{
"status": "affected",
"version": "1.6.0-beta2"
}
]
}
],
"datePublic": "2019-08-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A packet containing a malformed DUID can cause the Kea DHCPv6 server process (kea-dhcp6) to exit due to an assertion failure. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An attacker who is able to send a request containing a malformed DUID to the server (either directly or via a relay) can cause the DHCPv6 server process to terminate, denying service to clients. Only the DHCPv6 service is affected by this vulnerability.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-16T17:22:16.000Z",
"orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"shortName": "isc"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.isc.org/docs/cve-2019-6472"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to a version of Kea containing a fix, available via\n https://www.isc.org/downloads.\n\n - Kea 1.4.0-P2\n - Kea 1.5.0-P1\n - Kea 1.6.0"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "A packet containing a malformed DUID can cause the kea-dhcp6 server to terminate",
"x_generator": {
"engine": "Vulnogram 0.0.8"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-officer@isc.org",
"DATE_PUBLIC": "2019-08-28T21:08:44.000Z",
"ID": "CVE-2019-6472",
"STATE": "PUBLIC",
"TITLE": "A packet containing a malformed DUID can cause the kea-dhcp6 server to terminate"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kea",
"version": {
"version_data": [
{
"version_value": "1.4.0 to 1.5.0"
},
{
"version_value": "1.6.0-beta1"
},
{
"version_value": "1.6.0-beta2"
}
]
}
}
]
},
"vendor_name": "ISC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A packet containing a malformed DUID can cause the Kea DHCPv6 server process (kea-dhcp6) to exit due to an assertion failure. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.8"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "An attacker who is able to send a request containing a malformed DUID to the server (either directly or via a relay) can cause the DHCPv6 server process to terminate, denying service to clients. Only the DHCPv6 service is affected by this vulnerability."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.isc.org/docs/cve-2019-6472",
"refsource": "CONFIRM",
"url": "https://kb.isc.org/docs/cve-2019-6472"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to a version of Kea containing a fix, available via\n https://www.isc.org/downloads.\n\n - Kea 1.4.0-P2\n - Kea 1.5.0-P1\n - Kea 1.6.0"
}
],
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"assignerShortName": "isc",
"cveId": "CVE-2019-6472",
"datePublished": "2019-10-16T17:22:16.689Z",
"dateReserved": "2019-01-16T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:58:54.278Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}