CVE-2026-3608
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Sending a maliciously crafted message to the kea-ctrl-agent, kea-dhcp-ddns, kea-dhcp4, or kea-dhcp6 daemons over any configured API socket or HA listener can cause the receiving daemon to exit with a stack overflow error. This issue affects Kea versions 2.6.0 through 2.6.4 and 3.0.0 through 3.0.2.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| ISC | Kea | 2.6.0 <= 2.6.4 | affected |
| ISC | Kea | 3.0.0 <= 3.0.2 | affected |
Weaknesses
- CWE-617: CWE-617 Reachable Assertion
Workarounds
Securing the API sockets with TLS, and requiring the client to authenticate with a certificate (mutual authentication), prevents the attacker from establishing an API connection to Kea. Set cert-required to true (the default) to require a client certificate. See: https://kea.readthedocs.io/en/stable/arm/security.html#tls-https-configuration
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
CVE Program Container
Additional References
Kea: Kea: Denial of Service via maliciously crafted message
Additional References
- https://access.redhat.com/security/cve/CVE-2026-3608
- https://bugzilla.redhat.com/show_bug.cgi?id=2451139
- https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3608.json
- https://access.redhat.com/errata/RHSA-2026:11344
- https://access.redhat.com/errata/RHSA-2026:7342
References
- https://kb.isc.org/docs/cve-2026-3608
- https://downloads.isc.org/isc/kea/2.6.5
- https://downloads.isc.org/isc/kea/3.0.3
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.