rpm package
suse/kea&distro=SUSE Linux Enterprise Module for Server Applications 15 SP7
pkg:rpm/suse/kea&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP7
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-3608 | — | < 2.6.5-150700.3.6.1 | 2.6.5-150700.3.6.1 | Mar 25, 2026 | Sending a maliciously crafted message to the kea-ctrl-agent, kea-dhcp-ddns, kea-dhcp4, or kea-dhcp6 daemons over any configured API socket or HA listener can cause the receiving daemon to exit with a stack overflow error. This issue affects Kea versions 2.6.0 through 2.6.4 and 3. | ||
| CVE-2025-32803 | Med | 4.0 | < 2.6.3-150700.3.3.5 | 2.6.3-150700.3.3.5 | May 28, 2025 | In some cases, Kea log files or lease files may be world-readable. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through 2.6.2, and 2.7.0 through 2.7.8. | |
| CVE-2025-32802 | Med | 6.1 | < 2.6.3-150700.3.3.5 | 2.6.3-150700.3.3.5 | May 28, 2025 | Kea configuration and API directives can be used to overwrite arbitrary files, subject to permissions granted to Kea. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affec | |
| CVE-2025-32801 | Hig | 7.8 | < 2.6.3-150700.3.3.5 | 2.6.3-150700.3.3.5 | May 28, 2025 | Kea configuration and API directives can be used to load a malicious hook library. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affects Kea versions 2.4.0 through 2.4.1 |
- CVE-2026-3608Mar 25, 2026affected < 2.6.5-150700.3.6.1fixed 2.6.5-150700.3.6.1
Sending a maliciously crafted message to the kea-ctrl-agent, kea-dhcp-ddns, kea-dhcp4, or kea-dhcp6 daemons over any configured API socket or HA listener can cause the receiving daemon to exit with a stack overflow error. This issue affects Kea versions 2.6.0 through 2.6.4 and 3.
- affected < 2.6.3-150700.3.3.5fixed 2.6.3-150700.3.3.5
In some cases, Kea log files or lease files may be world-readable. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through 2.6.2, and 2.7.0 through 2.7.8.
- affected < 2.6.3-150700.3.3.5fixed 2.6.3-150700.3.3.5
Kea configuration and API directives can be used to overwrite arbitrary files, subject to permissions granted to Kea. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affec
- affected < 2.6.3-150700.3.3.5fixed 2.6.3-150700.3.3.5
Kea configuration and API directives can be used to load a malicious hook library. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affects Kea versions 2.4.0 through 2.4.1