Vulnerabilities > ISC > KEA
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-16 | CVE-2019-6474 | Missing Release of Resource after Effective Lifetime vulnerability in ISC KEA 1.4.0/1.5.0/1.6.0 A missing check on incoming client requests can be exploited to cause a situation where the Kea server's lease storage contains leases which are rejected as invalid when the server tries to load leases from storage on restart. | 6.1 |
| 2019-10-16 | CVE-2019-6472 | Reachable Assertion vulnerability in ISC KEA 1.4.0/1.5.0/1.6.0 A packet containing a malformed DUID can cause the Kea DHCPv6 server process (kea-dhcp6) to exit due to an assertion failure. | 3.3 |
| 2019-01-16 | CVE-2018-5739 | Missing Release of Resource after Effective Lifetime vulnerability in ISC KEA 1.4.0 An extension to hooks capabilities which debuted in Kea 1.4.0 introduced a memory leak for operators who are using certain hooks library facilities. | 5.0 |
| 2015-12-22 | CVE-2015-8373 | Improper Input Validation vulnerability in ISC KEA 0.9.2/1.0.0 The kea-dhcp4 and kea-dhcp6 servers 0.9.2 and 1.0.0-beta in ISC Kea, when certain debugging settings are used, allow remote attackers to cause a denial of service (daemon crash) via a malformed packet. | 7.1 |