7.5
CVE-2025-11232
- EPSS 0.03%
- Published 29.10.2025 18:02:39
- Last modified 15.04.2026 00:35:42
- Source security-officer@isc.org
Invalid characters cause assert
To trigger the issue, three configuration parameters must have specific settings: "hostname-char-set" must be left at the default setting, which is "[^A-Za-z0-9.-]"; "hostname-char-replacement" must be empty (the default); and "ddns-qualifying-suffix" must *NOT* be empty (the default is empty). DDNS updates do not need to be enabled for this issue to manifest. A client that sends certain option content would then cause kea-dhcp4 to exit unexpectedly. This issue affects Kea versions 3.0.1 through 3.0.1 and 3.1.1 through 3.1.2.
Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
Vendor: ISC
Product: Kea
Default status: unaffected

| Version | Version <= | Status |
|---|---|---|
| 3.0.1 | 3.0.1 | affected |
| 3.1.1 | 3.1.2 | affected |
| 2.6.0 | 2.6.4 | unaffected |
| 2.7.0 | 2.7.9 | unaffected |
| 3.0.0 | 3.0.0 | unaffected |
| 3.1.0 | 3.1.0 | unaffected |

VulnDex Vulnerability Enrichment
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.03% | 0.072 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security-officer@isc.org | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |

CWE-823 Use of Out-of-range Pointer Offset
The product performs pointer arithmetic on a valid pointer, but it uses an offset that can point outside of the intended range of valid memory locations for the resulting pointer.