CVE-2025-40779

Опубликовано: 27 авг. 2025

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS3: 7.5

Описание

If a DHCPv4 client sends a request with some specific options, and Kea fails to find an appropriate subnet for the client, the kea-dhcp4 process will abort with an assertion failure. This happens only if the client request is unicast directly to Kea; broadcast messages do not cause the problem. This issue affects Kea versions 2.7.1 through 2.7.9, 3.0.0, and 3.1.0.

Релиз	Статус	Примечание
devel	needs-triage
esm-apps/bionic	not-affected	code not present
esm-apps/focal	not-affected	code not present
esm-apps/jammy	not-affected	code not present
esm-apps/xenial	not-affected	code not present
jammy	not-affected	code not present
noble	not-affected	code not present
plucky	not-affected	code not present
questing	not-affected	code not present
upstream	needs-triage

Показывать по

Ссылки на источники

EPSS

Процентиль: 18%

0.00057

Низкий

7.5 High

CVSS3

Связанные уязвимости

CVE-2025-40779

CVSS3: 7.5

redhat

3 месяца назад

If a DHCPv4 client sends a request with some specific options, and Kea fails to find an appropriate subnet for the client, the `kea-dhcp4` process will abort with an assertion failure. This happens only if the client request is unicast directly to Kea; broadcast messages do not cause the problem. This issue affects Kea versions 2.7.1 through 2.7.9, 3.0.0, and 3.1.0.

CVE-2025-40779

CVSS3: 7.5

nvd

3 месяца назад

CVE-2025-40779

CVSS3: 7.5

debian

3 месяца назад

If a DHCPv4 client sends a request with some specific options, and Kea ...

ROS-20250930-15

CVSS3: 7.5

redos

2 месяца назад

Уязвимость kea

GHSA-v32h-8f7r-3543

CVSS3: 7.5

github

3 месяца назад

EPSS

Процентиль: 18%

0.00057

Низкий

7.5 High

CVSS3

CVE-2025-40779

Описание

Пакет isc-kea

Ссылки на источники

Связанные уязвимости