CVE-2025-11232
BaseFortify
Publication date: 2025-10-29
Last updated on: 2025-11-04
Assigner: Internet Systems Consortium (ISC)
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| isc | kea | 3.1.2 |
| isc | kea | 3.1.1 |
| isc | kea | 3.0.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-823 | The product performs pointer arithmetic on a valid pointer, but it uses an offset that can point outside of the intended range of valid memory locations for the resulting pointer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in Kea DHCP versions 3.0.1 through 3.0.1 and 3.1.1 through 3.1.2 when three specific configuration parameters are set in a particular way: 'hostname-char-set' is left at its default value '[^A-Za-z0-9.-]', 'hostname-char-replacement' is empty (default), and 'ddns-qualifying-suffix' is not empty. Under these conditions, a client sending certain option content can cause the kea-dhcp4 service to exit unexpectedly, leading to a denial of service.
How can this vulnerability impact me? :
The vulnerability can cause the kea-dhcp4 service to crash unexpectedly, resulting in a denial of service (DoS). This means DHCP services may become unavailable, potentially disrupting network operations and connectivity for clients relying on DHCP.