AVG-2886 log
| Package | kea |
| Status | Vulnerable |
| Severity | High |
| Type | multiple issues |
| Affected | 2.6.2-1 |
| Fixed | Unknown |
| Current | 1:3.0.2-1 [extra] |
| Ticket | Create |
| Created | Wed May 28 17:21:47 2025 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2025-32803 | Medium | No | Information disclosure | In some cases, Kea log files or lease files may be world-readable. If an attacker has access to a local unprivileged user account, they would be able to... |
| CVE-2025-32802 | Medium | No | Privilege escalation | Kea configuration and API directives can be used to overwrite arbitrary files, subject to permissions granted to Kea. Many common configurations run Kea as... |
| CVE-2025-32801 | High | No | Privilege escalation | Kea configuration and API directives can be used to load a malicious hook library. Many common configurations run Kea as root, leave the API entry points... |