vulnerability

Debian: CVE-2019-6474: isc-kea -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
6	(AV:A/AC:L/Au:N/C:N/I:N/A:C)	Oct 16, 2019	Jul 30, 2024	Mar 30, 2026

Severity

CVSS

(AV:A/AC:L/Au:N/C:N/I:N/A:C)

Published

Oct 16, 2019

Added

Jul 30, 2024

Modified

Mar 30, 2026

Description

A missing check on incoming client requests can be exploited to cause a situation where the Kea server's lease storage contains leases which are rejected as invalid when the server tries to load leases from storage on restart. If the number of such leases exceeds a hard-coded limit in the Kea code, a server trying to restart will conclude that there is a problem with its lease store and give up. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2

Solution

debian-upgrade-isc-kea

References

CVE-2019-6474
https://attackerkb.com/topics/CVE-2019-6474
CWE-772
EUVD-EUVD-2019-16034
https://euvd.enisa.europa.eu/vulnerability/EUVD-2019-16034

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today