36 matches found
RHEL 10 : kea (RHSA-2026:11344)
The remote Red Hat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:11344 advisory. DHCP implementation from Internet Systems Consortium, Inc. that features fully functional DHCPv4, DHCPv6 and Dynamic DNS servers. Both DHCP servers...
ALSA-2026:7342 Important: kea security update
DHCP implementation from Internet Systems Consortium, Inc. that features fully functional DHCPv4, DHCPv6 and Dynamic DNS servers. Both DHCP servers fully support server discovery, address assignment, renewal, rebinding and release. The DHCPv6 server supports prefix delegation. Both servers suppor...
[SECURITY] Fedora 43 Update: kea-3.0.3-1.fc43
DHCP implementation from Internet Systems Consortium, Inc. that features fully functional DHCPv4, DHCPv6 and Dynamic DNS servers. Both DHCP servers fully support server discovery, address assignment, renewal, rebinding and release. The DHCPv6 server supports prefix delegation. Both servers suppor...
openSUSE 16 Security Update : kea (openSUSE-SU-2026:20341-1)
The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2026:20341-1 advisory. Update to release 3.0.1: - CVE-2025-40779: Fixed crash upon interaction between specific client options and subnet selection bsc1248801. Tenable has...
ROS-20251124-10
The Kea open source DHCP server vulnerability is related to the use of a pointer offset outside the range. Exploitation of the vulnerability could allow an attacker to escalate privileges on the system...
Important: Red Hat Security Advisory: kea security update
An update for kea is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...
Linux Distros Unpatched Vulnerability : CVE-2025-11232
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - To trigger the issue, three configuration parameters must have specific settings: hostname-char-set must be left at the default setting, which is ^A-Za-z0-9.-;...
CVE-2025-11232
A flaw was found in Kea. A remote attacker can send specific option content to the kea-dhcp4 server. When the server is configured with specific parameters, an assertion failure can be triggered and cause the kea-dhcp4 process to exit unexpectedly, resulting in a denial of service. Mitigation Set...
UBUNTU-CVE-2025-11232
To trigger the issue, three configuration parameters must have specific settings: "hostname-char-set" must be left at the default setting, which is "^A-Za-z0-9.-"; "hostname-char-replacement" must be empty (the default); and "ddns-qualifying-suffix" must NOT be empty (the default is empty). DDNS...
PT-2025-44333
Name of the Vulnerable Software and Affected Versions: Kea versions 3.0.1 through 3.0.1; Kea versions 3.1.1 through 3.1.2. Description: The software can exit unexpectedly when receiving certain option content from a client if three configuration parameters are set to specific values. Specifically, th...
EUVD-2019-16034
Malware in sbrugna...
EUVD-2025-27981
Malicious code in bioql PyPI...
RLSA-2025:9178 Important: kea security update
DHCP implementation from Internet Systems Consortium, Inc. that features fully functional DHCPv4, DHCPv6 and Dynamic DNS servers. Both DHCP servers fully support server discovery, address assignment, renewal, rebinding and release. The DHCPv6 server supports prefix delegation. Both servers suppor...
USN-7759-1 isc-kea vulnerabilities
It was discovered that Kea DHCP did not correctly handle invalid hostnames. A remote attacker could possibly use this issue to cause a denial of service...
Linux Distros Unpatched Vulnerability : CVE-2025-40779
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - If a DHCPv4 client sends a request with some specific options, and Kea fails to find an appropriate subnet for the client, the kea-dhcp4 process will abort with...
Linux Distros Unpatched Vulnerability : CVE-2019-6474
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A missing check on incoming client requests can be exploited to cause a situation where the Kea server's lease storage contains leases which are rejected as...
ISC Kea Security Vulnerability
ISC Kea is a modern open source DHCPv4 and DHCPv6 server from the ISC organization. A security vulnerability exists in ISC Kea versions 2.7.1 through 2.7.9 and 3.0.0 and 3.1.0, which stems from improper handling of DHCPv4 client requests and may result in process abort...
Linux Distros Unpatched Vulnerability : CVE-2019-6473
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An invalid hostname option can trigger an assertion failure in the Kea DHCPv4 server process kea-dhcp4, causing the server process to exit. Versions affected:...
ROS-20250822-01
A vulnerability in the Kea open source DHCP server is related to the use of an unreliable search path. Exploitation of the vulnerability could allow an attacker to escalate privileges on the system...
ISC Kea Code Injection Vulnerability
ISC Kea is a modern open source DHCPv4 and DHCPv6 server from the ISC organization. A security vulnerability exists in ISC Kea versions 2.4.0 through 2.4.1, 2.6.0 through 2.6.2, and 2.7.0 through 2.7.8, which stems from configuration and API directives that can load malicious hook libraries,...