Vulnerability-Lookup

alsa-2025:21038

Vulnerability from osv_almalinux

Published

2025-11-11 00:00

Modified

2025-12-05 08:28

Summary

Important: kea security update

Details

DHCP implementation from Internet Systems Consortium, Inc. that features fully functional DHCPv4, DHCPv6 and Dynamic DNS servers. Both DHCP servers fully support server discovery, address assignment, renewal, rebinding and release. The DHCPv6 server supports prefix delegation. Both servers support DNS Update mechanism, using stand-alone DDNS daemon.

Security Fix(es):

kea: Invalid characters cause assert (CVE-2025-11232)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:10",
        "name": "kea"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.0.1-2.el10_1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:10",
        "name": "kea-doc"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.0.1-2.el10_1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:10",
        "name": "kea-hooks"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.0.1-2.el10_1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:10",
        "name": "kea-keama"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.0.1-2.el10_1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:10",
        "name": "kea-libs"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.0.1-2.el10_1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "DHCP implementation from Internet Systems Consortium, Inc. that features fully functional DHCPv4, DHCPv6 and Dynamic DNS servers. Both DHCP servers fully support server discovery, address assignment, renewal, rebinding and release. The DHCPv6 server supports prefix delegation. Both servers support DNS Update mechanism, using stand-alone DDNS daemon.  \n\nSecurity Fix(es):  \n\n  * kea: Invalid characters cause assert (CVE-2025-11232)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
  "id": "ALSA-2025:21038",
  "modified": "2025-12-05T08:28:57Z",
  "published": "2025-11-11T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2025:21038"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-11232"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2407178"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/10/ALSA-2025-21038.html"
    }
  ],
  "related": [
    "CVE-2025-11232"
  ],
  "summary": "Important: kea security update"
}

CVE-2025-11232 (GCVE-0-2025-11232)

Vulnerability from cvelistv5 – Published: 2025-10-29 18:02 – Updated: 2025-11-04 21:09

Title

Invalid characters cause assert

Summary

To trigger the issue, three configuration parameters must have specific settings: "hostname-char-set" must be left at the default setting, which is "[^A-Za-z0-9.-]"; "hostname-char-replacement" must be empty (the default); and "ddns-qualifying-suffix" must *NOT* be empty (the default is empty). DDNS updates do not need to be enabled for this issue to manifest. A client that sends certain option content would then cause kea-dhcp4 to exit unexpectedly. This issue affects Kea versions 3.0.1 through 3.0.1 and 3.1.1 through 3.1.2.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-823 - Use of Out-of-range Pointer Offset

Assigner

isc

References

URL

Tags

https://kb.isc.org/docs/cve-2025-11232

vendor-advisory

Impacted products

	Vendor	Product	Version
	ISC	Kea	Affected: 3.0.1 , ≤ 3.0.1 (custom) Affected: 3.1.1 , ≤ 3.1.2 (custom) Unaffected: 2.6.0 , ≤ 2.6.4 (custom) Unaffected: 2.7.0 , ≤ 2.7.9 (custom) Unaffected: 3.0.0 , ≤ 3.0.0 (custom) Unaffected: 3.1.0 , ≤ 3.1.0 (custom)

Credits

ISC would like to thank Siniša Uskoković and Ralf Steuer from Vienna University of Economics and Business for bringing this vulnerability to our attention.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-11232",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-29T18:22:07.119804Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-29T18:22:23.455Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T21:09:09.184Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/10/29/5"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Kea",
          "vendor": "ISC",
          "versions": [
            {
              "lessThanOrEqual": "3.0.1",
              "status": "affected",
              "version": "3.0.1",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "3.1.2",
              "status": "affected",
              "version": "3.1.1",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "2.6.4",
              "status": "unaffected",
              "version": "2.6.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "2.7.9",
              "status": "unaffected",
              "version": "2.7.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "3.0.0",
              "status": "unaffected",
              "version": "3.0.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "3.1.0",
              "status": "unaffected",
              "version": "3.1.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "ISC would like to thank Sini\u0161a Uskokovi\u0107 and Ralf Steuer from Vienna University of Economics and Business for bringing this vulnerability to our attention."
        }
      ],
      "datePublic": "2025-10-29T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "To trigger the issue, three configuration parameters must have specific settings: \"hostname-char-set\" must be left at the default setting, which is \"[^A-Za-z0-9.-]\"; \"hostname-char-replacement\" must be empty (the default); and \"ddns-qualifying-suffix\" must *NOT* be empty (the default is empty). DDNS updates do not need to be enabled for this issue to manifest. A client that sends certain option content would then cause kea-dhcp4 to exit unexpectedly.\nThis issue affects Kea versions 3.0.1 through 3.0.1 and 3.1.1 through 3.1.2."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "We are not aware of any active exploits."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "A denial of service from the repeated attacks against the Kea server"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-823",
              "description": "CWE-823 Use of Out-of-range Pointer Offset",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-29T18:02:39.421Z",
        "orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
        "shortName": "isc"
      },
      "references": [
        {
          "name": "CVE-2025-11232",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://kb.isc.org/docs/cve-2025-11232"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to the patched release most closely related to your current version of Kea: 3.0.2 or 3.1.3."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Invalid characters cause assert",
      "workarounds": [
        {
          "lang": "en",
          "value": "Setting \"hostname-char-replacement\" to anything other than an empty value (suggestion: \"x\") is an effective workaround to this issue, regardless of other settings."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
    "assignerShortName": "isc",
    "cveId": "CVE-2025-11232",
    "datePublished": "2025-10-29T18:02:39.421Z",
    "dateReserved": "2025-10-01T15:15:46.992Z",
    "dateUpdated": "2025-11-04T21:09:09.184Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted