USN-8403-1: Kea DHCP vulnerability

Ali Norouzi discovered that Kea DHCP did not properly handle maliciously crafted messages over configured API sockets and HA listeners. A remote attacker could possibly use this issue to cause Kea DHCP to crash, resulting in a denial of service...

USN-8403-1 isc-kea vulnerability

Ali Norouzi discovered that Kea DHCP did not properly handle maliciously crafted messages over configured API sockets and HA listeners. A remote attacker could possibly use this issue to cause Kea DHCP to crash, resulting in a denial of service...

PT-2026-47596

Ali Norouzi discovered that Kea DHCP did not properly handle maliciously crafted messages over configured API sockets and HA listeners. A remote attacker could possibly use this issue to cause Kea DHCP to crash, resulting in a denial of service...

CVE-2026-3608

Sending a maliciously crafted message to the kea-ctrl-agent, kea-dhcp-ddns, kea-dhcp4, or kea-dhcp6 daemons over any configured API socket or HA listener can cause the receiving daemon to exit with a stack overflow error. This issue affects Kea versions 2.6.0 through 2.6.4 and 3.0.0 through 3.0.2...

Linux Distros Unpatched Vulnerability : CVE-2026-3608

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Sending a maliciously crafted message to the kea-ctrl-agent, kea-dhcp-ddns, kea-dhcp4, or kea-dhcp6 daemons over any configured API socket or HA listener can...

UBUNTU-CVE-2026-3608

Sending a maliciously crafted message to the kea-ctrl-agent, kea-dhcp-ddns, kea-dhcp4, or kea-dhcp6 daemons over any configured API socket or HA listener can cause the receiving daemon to exit with a stack overflow error. This issue affects Kea versions 2.6.0 through 2.6.4 and 3.0.0 through 3.0.2...

RHEL 10 : kea (RHSA-2025:21038)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:21038 advisory. DHCP implementation from Internet Systems Consortium, Inc. that features fully functional DHCPv4, DHCPv6 and Dynamic DNS servers. Both DHCP servers...

EUVD-2015-8256

Malware in sbrugna...

EUVD-2018-17508

Malware in sbrugna...

kea security update

An update is available for kea. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list DHCP implementation from Internet Systems Consortium, Inc. that features fully...

ROS-20250924-05

The Kea open source DHCP server vulnerability is related to input validation errors in the file path processing. Exploitation of the vulnerability could allow an attacker to escalate privileges on the system Kea open source DHCP server vulnerability is related to incorrect default permissions for...

Ubuntu 16.04 LTS / 18.04 LTS : Kea DHCP vulnerabilities (USN-7759-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-7759-1 advisory. It was discovered that Kea DHCP did not correctly handle invalid hostnames. A remote attacker could possibly use this issue to cause a denial of...

USN-7759-1: Kea DHCP vulnerabilities

It was discovered that Kea DHCP did not correctly handle invalid hostnames. A remote attacker could possibly use this issue to cause a denial of service...

ISC Kea DHCP Input Validation Error Vulnerability

ISC Kea DHCP is an open source DHCP Dynamic Host Configuration Protocol server from ISC. An input validation error vulnerability exists in ISC Kea DHCP versions 1.4.0 through 1.5.0, 1.6.0-beta1 and 1.6.0-beta2. The vulnerability arises from the network system or product not properly validating...

CVE-2018-5739

An extension to hooks capabilities which debuted in Kea 1.4.0 introduced a memory leak for operators who are using certain hooks library facilities. In order to support multiple requests simultaneously, Kea 1.4 added a callout handle store but unfortunately the initial implementation of this stor...

CVE-2018-5739

An extension to hooks capabilities which debuted in Kea 1.4.0 introduced a memory leak for operators who are using certain hooks library facilities. In order to support multiple requests simultaneously, Kea 1.4 added a callout handle store but unfortunately the initial implementation of this stor...

CVE-2018-5739

CVE-2018-5739 is a memory-leak issue in Kea DHCP 1.4.0 related to the callout handle store. The initial implementation of the store does not always free memory, allowing memory usage to grow when hooks using query4 or query6 parameters are invoked, potentially exhausting server memory and causing...

CVE-2018-5739 Failure to release memory may exhaust system resources

An extension to hooks capabilities which debuted in Kea 1.4.0 introduced a memory leak for operators who are using certain hooks library facilities. In order to support multiple requests simultaneously, Kea 1.4 added a callout handle store but unfortunately the initial implementation of this stor...

CVE-2018-5739

An extension to hooks capabilities which debuted in Kea 1.4.0 introduced a memory leak for operators who are using certain hooks library facilities. In order to support multiple requests simultaneously, Kea 1.4 added a callout handle store but unfortunately the initial implementation of this stor...

ISC Releases Security Advisory for Kea DHCP

The Internet Systems Consortium ISC has released a security advisory that addresses a memory leak vulnerability in Kea DHCP 1.4.0. A remote attacker could exploit this vulnerability to cause a denial-of-service condition. NCCIC encourages users and administrators to review ISC Knowledge Base...