CVE-2025-40779

Опубликовано: 27 авг. 2025

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS3: 7.5

Описание

If a DHCPv4 client sends a request with some specific options, and Kea fails to find an appropriate subnet for the client, the kea-dhcp4 process will abort with an assertion failure. This happens only if the client request is unicast directly to Kea; broadcast messages do not cause the problem. This issue affects Kea versions 2.7.1 through 2.7.9, 3.0.0, and 3.1.0.

Релиз	Статус	Примечание
devel	needs-triage
esm-apps/bionic	not-affected	code not present
esm-apps/focal	not-affected	code not present
esm-apps/jammy	not-affected	code not present
esm-apps/xenial	not-affected	code not present
jammy	not-affected	code not present
noble	not-affected	code not present
plucky	not-affected	code not present
questing	not-affected	code not present
upstream	needs-triage

Показывать по

Ссылки на источники

EPSS

Процентиль: 24%

0.00082

Низкий

7.5 High

CVSS3

Связанные уязвимости

CVE-2025-40779

CVSS3: 7.5

redhat

5 месяцев назад

If a DHCPv4 client sends a request with some specific options, and Kea fails to find an appropriate subnet for the client, the `kea-dhcp4` process will abort with an assertion failure. This happens only if the client request is unicast directly to Kea; broadcast messages do not cause the problem. This issue affects Kea versions 2.7.1 through 2.7.9, 3.0.0, and 3.1.0.

CVE-2025-40779

CVSS3: 7.5

nvd

5 месяцев назад

CVE-2025-40779

CVSS3: 7.5

debian

5 месяцев назад

If a DHCPv4 client sends a request with some specific options, and Kea ...

GHSA-v32h-8f7r-3543

CVSS3: 7.5

github

5 месяцев назад

ELSA-2025-21006

oracle-oval

около 2 месяцев назад

ELSA-2025-21006: kea security update (IMPORTANT)

EPSS

Процентиль: 24%

0.00082

Низкий

7.5 High

CVSS3

CVE-2025-40779

Описание

Пакет isc-kea

Ссылки на источники

Связанные уязвимости