{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-11232", "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22", "state": "PUBLISHED", "assignerShortName": "isc", "dateReserved": "2025-10-01T15:15:46.992Z", "datePublished": "2025-10-29T18:02:39.421Z", "dateUpdated": "2025-11-04T21:09:09.184Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "404fd4d2-a609-4245-b543-2c944a302a22", "shortName": "isc", "dateUpdated": "2025-10-29T18:02:39.421Z"}, "title": "Invalid characters cause assert", "datePublic": "2025-10-29T00:00:00.000Z", "affected": [{"vendor": "ISC", "product": "Kea", "versions": [{"version": "3.0.1", "lessThanOrEqual": "3.0.1", "status": "affected", "versionType": "custom"}, {"version": "3.1.1", "lessThanOrEqual": "3.1.2", "status": "affected", "versionType": "custom"}, {"version": "2.6.0", "lessThanOrEqual": "2.6.4", "status": "unaffected", "versionType": "custom"}, {"version": "2.7.0", "lessThanOrEqual": "2.7.9", "status": "unaffected", "versionType": "custom"}, {"version": "3.0.0", "lessThanOrEqual": "3.0.0", "status": "unaffected", "versionType": "custom"}, {"version": "3.1.0", "lessThanOrEqual": "3.1.0", "status": "unaffected", "versionType": "custom"}], "defaultStatus": "unaffected"}], "metrics": [{"cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-823", "description": "CWE-823 Use of Out-of-range Pointer Offset"}]}], "descriptions": [{"lang": "en", "value": "To trigger the issue, three configuration parameters must have specific settings: \"hostname-char-set\" must be left at the default setting, which is \"[^A-Za-z0-9.-]\"; \"hostname-char-replacement\" must be empty (the default); and \"ddns-qualifying-suffix\" must *NOT* be empty (the default is empty). DDNS updates do not need to be enabled for this issue to manifest. A client that sends certain option content would then cause kea-dhcp4 to exit unexpectedly.\nThis issue affects Kea versions 3.0.1 through 3.0.1 and 3.1.1 through 3.1.2."}], "impacts": [{"descriptions": [{"lang": "en", "value": "A denial of service from the repeated attacks against the Kea server"}]}], "workarounds": [{"lang": "en", "value": "Setting \"hostname-char-replacement\" to anything other than an empty value (suggestion: \"x\") is an effective workaround to this issue, regardless of other settings."}], "exploits": [{"lang": "en", "value": "We are not aware of any active exploits."}], "solutions": [{"lang": "en", "value": "Upgrade to the patched release most closely related to your current version of Kea: 3.0.2 or 3.1.3."}], "credits": [{"lang": "en", "value": "ISC would like to thank Sini\u0161a Uskokovi\u0107 and Ralf Steuer from Vienna University of Economics and Business for bringing this vulnerability to our attention."}], "references": [{"url": "https://kb.isc.org/docs/cve-2025-11232", "name": "CVE-2025-11232", "tags": ["vendor-advisory"]}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "cvelib 1.8.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-10-29T18:22:07.119804Z", "id": "CVE-2025-11232", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-29T18:22:23.455Z"}}, {"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2025/10/29/5"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-04T21:09:09.184Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2025/10/29/5"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-04T21:09:09.184Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-11232", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-10-29T18:22:07.119804Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-29T18:22:14.126Z"}}], "cna": {"title": "Invalid characters cause assert", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "value": "ISC would like to thank Sini\u0161a Uskokovi\u0107 and Ralf Steuer from Vienna University of Economics and Business for bringing this vulnerability to our attention."}], "impacts": [{"descriptions": [{"lang": "en", "value": "A denial of service from the repeated attacks against the Kea server"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "ISC", "product": "Kea", "versions": [{"status": "affected", "version": "3.0.1", "versionType": "custom", "lessThanOrEqual": "3.0.1"}, {"status": "affected", "version": "3.1.1", "versionType": "custom", "lessThanOrEqual": "3.1.2"}, {"status": "unaffected", "version": "2.6.0", "versionType": "custom", "lessThanOrEqual": "2.6.4"}, {"status": "unaffected", "version": "2.7.0", "versionType": "custom", "lessThanOrEqual": "2.7.9"}, {"status": "unaffected", "version": "3.0.0", "versionType": "custom", "lessThanOrEqual": "3.0.0"}, {"status": "unaffected", "version": "3.1.0", "versionType": "custom", "lessThanOrEqual": "3.1.0"}], "defaultStatus": "unaffected"}], "exploits": [{"lang": "en", "value": "We are not aware of any active exploits."}], "solutions": [{"lang": "en", "value": "Upgrade to the patched release most closely related to your current version of Kea: 3.0.2 or 3.1.3."}], "datePublic": "2025-10-29T00:00:00.000Z", "references": [{"url": "https://kb.isc.org/docs/cve-2025-11232", "name": "CVE-2025-11232", "tags": ["vendor-advisory"]}], "workarounds": [{"lang": "en", "value": "Setting \"hostname-char-replacement\" to anything other than an empty value (suggestion: \"x\") is an effective workaround to this issue, regardless of other settings."}], "x_generator": {"engine": "cvelib 1.8.0"}, "descriptions": [{"lang": "en", "value": "To trigger the issue, three configuration parameters must have specific settings: \"hostname-char-set\" must be left at the default setting, which is \"[^A-Za-z0-9.-]\"; \"hostname-char-replacement\" must be empty (the default); and \"ddns-qualifying-suffix\" must *NOT* be empty (the default is empty). DDNS updates do not need to be enabled for this issue to manifest. A client that sends certain option content would then cause kea-dhcp4 to exit unexpectedly.\nThis issue affects Kea versions 3.0.1 through 3.0.1 and 3.1.1 through 3.1.2."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-823", "description": "CWE-823 Use of Out-of-range Pointer Offset"}]}], "providerMetadata": {"orgId": "404fd4d2-a609-4245-b543-2c944a302a22", "shortName": "isc", "dateUpdated": "2025-10-29T18:02:39.421Z"}}}, "cveMetadata": {"cveId": "CVE-2025-11232", "state": "PUBLISHED", "dateUpdated": "2025-11-04T21:09:09.184Z", "dateReserved": "2025-10-01T15:15:46.992Z", "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22", "datePublished": "2025-10-29T18:02:39.421Z", "assignerShortName": "isc"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "To trigger the issue, three configuration parameters must have specific settings: \"hostname-char-set\" must be left at the default setting, which is \"[^A-Za-z0-9.-]\"; \"hostname-char-replacement\" must be empty (the default); and \"ddns-qualifying-suffix\" must *NOT* be empty (the default is empty). DDNS updates do not need to be enabled for this issue to manifest. A client that sends certain option content would then cause kea-dhcp4 to exit unexpectedly.\nThis issue affects Kea versions 3.0.1 through 3.0.1 and 3.1.1 through 3.1.2."}], "id": "CVE-2025-11232", "lastModified": "2025-11-04T22:16:05.600", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "[email protected]", "type": "Secondary"}]}, "published": "2025-10-29T18:15:40.197", "references": [{"source": "[email protected]", "url": "https://kb.isc.org/docs/cve-2025-11232"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2025/10/29/5"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-823"}], "source": "[email protected]", "type": "Secondary"}]}

{"bugzilla": {"description": "kea: Invalid characters cause assert", "id": "2407178", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407178"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-823", "details": ["A flaw was found in Kea. A remote attacker can send specific option content to the kea-dhcp4 server. When the server is configured with specific parameters, an assertion failure can be triggered and cause the kea-dhcp4 process to exit unexpectedly, resulting in a denial of service."], "mitigation": {"lang": "en:us", "value": "Set the \"hostname-char-replacement\" parameter to any non-empty value (the default is empty). For example, setting it to \"x\" is an effective workaround, regardless of other settings.\n~~~\n...\n\"hostname-char-replacement\": \"x\",\n...\n~~~"}, "name": "CVE-2025-11232", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kea", "product_name": "Red Hat Enterprise Linux 10"}], "public_date": "2025-10-29T18:02:39Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-11232\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-11232\nhttps://kb.isc.org/docs/cve-2025-11232"], "statement": "To exploit this issue, three configuration parameters must have the following settings:\n- hostname-char-set: must have the default setting, which is \"[^A-Za-z0-9.-]\".\n- hostname-char-replacement: must be empty, which is the default value.\n- ddns-qualifying-suffix: must NOT be empty, which is not the default.\nA remote and unauthenticated attacker can cause the kea-dhcp4 process to exit unexpectedly by sending specific option content, preventing all DHCP clients it servers from obtaining new leases or renewing existing ones until the service is restarted. Due to this reason, this flaw has been rated with an important severity.", "threat_severity": "Important"}