CVE-2025-11232

Summary

To trigger the issue, three configuration parameters must have specific settings: "hostname-char-set" must be left at the default setting, which is "[^A-Za-z0-9.-]"; "hostname-char-replacement" must be empty (the default); and "ddns-qualifying-suffix" must NOT be empty (the default is empty). DDNS updates do not need to be enabled for this issue to manifest. A client that sends certain option content would then cause kea-dhcp4 to exit unexpectedly. This issue affects Kea versions 3.0.1 through 3.0.1 and 3.1.1 through 3.1.2.

Affected Software

VendorProductVersion RangeStatus
ISCKea3.0.1 <= 3.0.1affected
ISCKea3.1.1 <= 3.1.2affected
ISCKea2.6.0 <= 2.6.4unaffected
ISCKea2.7.0 <= 2.7.9unaffected
ISCKea3.0.0 <= 3.0.0unaffected
ISCKea3.1.0 <= 3.1.0unaffected

Weaknesses

  • CWE-823: CWE-823 Use of Out-of-range Pointer Offset

Workarounds

Setting "hostname-char-replacement" to anything other than an empty value (suggestion: "x") is an effective workaround to this issue, regardless of other settings.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

CVE Program Container

Additional References

References