Vulnerabilities > ISC > KEA > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-10-16 CVE-2019-6474 Missing Release of Resource after Effective Lifetime vulnerability in ISC KEA 1.4.0/1.5.0/1.6.0
A missing check on incoming client requests can be exploited to cause a situation where the Kea server's lease storage contains leases which are rejected as invalid when the server tries to load leases from storage on restart.
low complexity
isc CWE-772
6.5
2019-10-16 CVE-2019-6472 Reachable Assertion vulnerability in ISC KEA 1.4.0/1.5.0/1.6.0
A packet containing a malformed DUID can cause the Kea DHCPv6 server process (kea-dhcp6) to exit due to an assertion failure.
low complexity
isc CWE-617
6.5
2015-12-22 CVE-2015-8373 Improper Input Validation vulnerability in ISC KEA 0.9.2/1.0.0
The kea-dhcp4 and kea-dhcp6 servers 0.9.2 and 1.0.0-beta in ISC Kea, when certain debugging settings are used, allow remote attackers to cause a denial of service (daemon crash) via a malformed packet.
network
high complexity
isc CWE-20
6.8