CVE-2025-11232
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-10-29
Last updated on: 2025-11-04
Assigner: Internet Systems Consortium (ISC)
Description
Description
To trigger the issue, three configuration parameters must have specific settings: "hostname-char-set" must be left at the default setting, which is "[^A-Za-z0-9.-]"; "hostname-char-replacement" must be empty (the default); and "ddns-qualifying-suffix" must *NOT* be empty (the default is empty). DDNS updates do not need to be enabled for this issue to manifest. A client that sends certain option content would then cause kea-dhcp4 to exit unexpectedly.
This issue affects Kea versions 3.0.1 through 3.0.1 and 3.1.1 through 3.1.2.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| isc | kea | 3.1.2 |
| isc | kea | 3.1.1 |
| isc | kea | 3.0.1 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-823 | The product performs pointer arithmetic on a valid pointer, but it uses an offset that can point outside of the intended range of valid memory locations for the resulting pointer. |
