Opened 6 months ago
Closed 6 months ago
#22026 closed enhancement (fixed)
kea-3.0.1
| Reported by: | Joe Locash | Owned by: | thomas |
|---|---|---|---|
| Priority: | high | Milestone: | 12.4 |
| Component: | BOOK | Version: | git |
| Severity: | normal | Keywords: | |
| Cc: | | | |
Description
Fixes CVE-2025-40779, rated as high.
https://kb.isc.org/docs/cve-2025-40779
It's an end package so could be moved to 12.4.
Change History (2)
comment:1 by , 6 months ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:2 by , 6 months ago
| Milestone: | 12.5 → 12.4 |
|---|---|
| Resolution: | → fixed |
| Status: | assigned → closed |
Fixed in [ed317fea95]
SA added in [WWW 5cd40e59]

CVE-2025-40779
Kea crash upon interaction between specific client options and subnet selection
If a DHCPv4 client sends a request with some specific options, and Kea fails to find an appropriate subnet for the client, the kea-dhcp4 process will abort with an assertion failure. This happens only if the client request is unicast directly to Kea; broadcast messages do not cause the problem.