4 matches found
CVE-2019-6474
CVE-2019-6474 affects ISC Kea DHCP server. A missing validation of incoming client requests can lead to the lease storage containing leases that are later rejected as invalid when loading from storage on restart. If the number of such leases exceeds a hard-coded limit, a restarting server may mis...
CVE-2019-6472
CVE-2019-6472 concerns the Kea DHCPv6 server. A packet containing a malformed DUID can cause the kea-dhcp6 process to exit due to an assertion failure. Affected versions are 1.4.0–1.5.0 and 1.6.0-beta1/beta2. The issue is a server termination condition; no exploit details are provided in the sour...
CVE-2018-5739
CVE-2018-5739 is a memory-leak issue in Kea DHCP 1.4.0 related to the callout handle store. The initial implementation of the store does not always free memory, allowing memory usage to grow when hooks using query4 or query6 parameters are invoked, potentially exhausting server memory and causing...
CVE-2015-8373
CVE-2015-8373 affects ISC Kea: the kea-dhcp4 and kea-dhcp6 servers (versions 0.9.2 and 1.0.0-beta) are vulnerable when certain debugging settings are enabled, allowing a remote attacker to cause a daemon crash (DoS) by sending a malformed packet. Public information confirms the vulnerability and ...