7.5

CVE-2026-3608

Medienbericht

Stack overflow in Kea daemons

Sending a maliciously crafted message to the kea-ctrl-agent, kea-dhcp-ddns, kea-dhcp4, or kea-dhcp6 daemons over any configured API socket or HA listener can cause the receiving daemon to exit with a stack overflow error.
This issue affects Kea versions 2.6.0 through 2.6.4 and 3.0.0 through 3.0.2.
Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
HerstellerRed Hat
Produkt Red Hat Enterprise Linux AppStream EUS (v. 10.0)
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux AppStream (v. 10)
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux BaseOS EUS (v. 10.0)
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux BaseOS (v. 10)
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)
Default Statusaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.36% 0.683
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
security-officer@isc.org 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0b0ca135-0b70-47e7-9f44-1890c2a1c46c 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-617 Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
01.04.2026 09:30
https://kb.isc.org/docs/cve-2026-3608
https://downloads.isc.org/isc/kea/2.6.5
https://downloads.isc.org/isc/kea/3.0.3
http://www.openwall.com/lists/oss-security/2026/03/25/6
https://access.redhat.com/errata/RHSA-2026:11344
https://access.redhat.com/errata/RHSA-2026:7342
https://access.redhat.com/security/cve/CVE-2026-3608
https://bugzilla.redhat.com/show_bug.cgi?id=2451139
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3608.json