Description

If a DHCPv4 client sends a request with some specific options, and Kea fails to find an appropriate subnet for the client, the `kea-dhcp4` process will abort with an assertion failure. This happens only if the client request is unicast directly to Kea; broadcast messages do not cause the problem. This issue affects Kea versions 2.7.1 through 2.7.9, 3.0.0, and 3.1.0.

PUBLISHED Reserved 2025-04-16 | Published 2025-08-27 | Updated 2025-08-28 | Assigner isc

Severity

HIGH: 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Problem types

CWE-476 NULL Pointer Dereference

Product status

Default status
unaffected

2.7.1
affected

3.0.0
affected

3.1.0
affected

2.6.0
unaffected

Credits

ISC would like to thank the following for bringing this vulnerability to our attention:

* Jochen M.
* Martin Dinev, Trading212
* Ashwani Kumar, Post Graduate Institute of Medical Education & Research, Chandigarh, India
* Bret Giddings, University of Essex
* Florian Ritterhoff, Munich University of Applied Sciences

References

kb.isc.org/docs/cve-2025-40779 (CVE-2025-40779) vendor-advisory

cve.org (CVE-2025-40779)

nvd.nist.gov (CVE-2025-40779)