kea

Description: High-performance, extensible DHCP server engine from ISC, supporting both DHCPv4 and DHCPv6
Version: 2.6.3-1 [extra]

Open

| Group | Affected | Fixed | Severity | Status | Ticket |
| --- | --- | --- | --- | --- | --- |
| AVG-2886 | 2.6.2-1 | | High | Vulnerable | |

| Issue | Group | Severity | Remote | Type | Description |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-32803 | AVG-2886 | Medium | No | Information disclosure | In some cases, Kea log files or lease files may be world-readable. If an attacker has access to a local unprivileged user account, they would be able to... |
| CVE-2025-32802 | AVG-2886 | Medium | No | Privilege escalation | Kea configuration and API directives can be used to overwrite arbitrary files, subject to permissions granted to Kea. Many common configurations run Kea as... |
| CVE-2025-32801 | AVG-2886 | High | No | Privilege escalation | Kea configuration and API directives can be used to load a malicious hook library. Many common configurations run Kea as root, leave the API entry points... |

Resolved

| Group | Affected | Fixed | Severity | Status | Ticket |
| --- | --- | --- | --- | --- | --- |
| AVG-1032 | 1.5.0-14 | 1.8.0-1 | High | Fixed | |

| Issue | Group | Severity | Remote | Type | Description |
| --- | --- | --- | --- | --- | --- |
| CVE-2019-6474 | AVG-1032 | High | Yes | Denial of service | An issue has been found in the Kea DHCPv6 server before 1.6.0 or 1.5.0-P1, where a missing check on incoming client requests can be exploited to cause a... |
| CVE-2019-6473 | AVG-1032 | Medium | Yes | Denial of service | An issue has been found in the Kea DHCPv6 server before 1.6.0 or 1.5.0-P1, which can exit with an assertion failure if it receives a packet containing a... |
| CVE-2019-6472 | AVG-1032 | High | Yes | Denial of service | An issue has been found in the Kea DHCPv6 server before 1.6.0 or 1.5.0-P1, which can exit with an assertion failure if the DHCPv6 server process receives a... |