7.5
CVE-2026-3608
- EPSS 1.36%
- Veröffentlicht 25.03.2026 08:46:48
- Zuletzt bearbeitet 30.06.2026 03:19:14
- Quelle security-officer@isc.org
- CVE-Watchlists
- Unerledigt
Stack overflow in Kea daemons
Sending a maliciously crafted message to the kea-ctrl-agent, kea-dhcp-ddns, kea-dhcp4, or kea-dhcp6 daemons over any configured API socket or HA listener can cause the receiving daemon to exit with a stack overflow error. This issue affects Kea versions 2.6.0 through 2.6.4 and 3.0.0 through 3.0.2.
Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux AppStream EUS (v. 10.0)
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux AppStream (v. 10)
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux BaseOS EUS (v. 10.0)
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux BaseOS (v. 10)
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)
Default Statusaffected
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.36% | 0.683 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security-officer@isc.org | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
CWE-617 Reachable Assertion
The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
https://kb.isc.org/docs/cve-2026-3608
https://downloads.isc.org/isc/kea/2.6.5
https://downloads.isc.org/isc/kea/3.0.3
http://www.openwall.com/lists/oss-security/2026/03/25/6
https://access.redhat.com/errata/RHSA-2026:11344
https://access.redhat.com/errata/RHSA-2026:7342
https://access.redhat.com/security/cve/CVE-2026-3608
https://bugzilla.redhat.com/show_bug.cgi?id=2451139
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3608.json