Vulnerabilities > ISC > KEA > 1.4.0

DATE CVE VULNERABILITY TITLE RISK
2019-10-16 CVE-2019-6474 Missing Release of Resource after Effective Lifetime vulnerability in ISC KEA 1.4.0/1.5.0/1.6.0
A missing check on incoming client requests can be exploited to cause a situation where the Kea server's lease storage contains leases which are rejected as invalid when the server tries to load leases from storage on restart.
low complexity
isc CWE-772
6.5
6.5
2019-10-16 CVE-2019-6472 Reachable Assertion vulnerability in ISC KEA 1.4.0/1.5.0/1.6.0
A packet containing a malformed DUID can cause the Kea DHCPv6 server process (kea-dhcp6) to exit due to an assertion failure.
low complexity
isc CWE-617
6.5
6.5
2019-01-16 CVE-2018-5739 Missing Release of Resource after Effective Lifetime vulnerability in ISC KEA 1.4.0
An extension to hooks capabilities which debuted in Kea 1.4.0 introduced a memory leak for operators who are using certain hooks library facilities.
network
low complexity
isc CWE-772
7.5
7.5