PT-2026-27643 · Kea-Dhcp4+3 · Kea-Dhcp4+4

Published

2026-01-01

·

Updated

2026-04-22

·

CVE-2026-3608

CVSS v3.1

7.5

High

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Kea versions 2.6.0 through 2.6.4 Kea versions 3.0.0 through 3.0.2
Description A specially crafted message sent to the kea-ctrl-agent, kea-dhcp-ddns, kea-dhcp4, or kea-dhcp6 daemons via an API socket or HA listener can lead to a stack overflow error, causing the daemon to terminate. This could result in a denial-of-service condition.
Recommendations Update Kea to version 2.6.5 or 3.0.3.

Fix

DoS

Assertion Failure

Weakness Enumeration

CWE-617

Related Identifiers

ALSA-2026:7342
CVE-2026-3608
OPENSUSE-SU-2026:10421-1
OPENSUSE-SU-2026:20452-1
RHSA-2026:11344
RHSA-2026:7342
SUSE-SU-2026:1378-1
SUSE-SU-2026:1548-1
SUSE-SU-2026:20989-1

Affected Products

Kea
Kea-Ctrl-Agent
Kea-Dhcp-Ddns
Kea-Dhcp4
Kea-Dhcp6