CVE-2019-6474

NameCVE-2019-6474
DescriptionA missing check on incoming client requests can be exploited to cause a situation where the Kea server's lease storage contains leases which are rejected as invalid when the server tries to load leases from storage on restart. If the number of such leases exceeds a hard-coded limit in the Kea code, a server trying to restart will conclude that there is a problem with its lease store and give up. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium
Debian Bugs936040

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
isc-kea (PTS)stretch1.1.0-1vulnerable
sid1.5.0-2vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
isc-keasource(unstable)(unfixed)936040

Notes

[stretch] - isc-kea <no-dsa> (Minor issue)
https://kb.isc.org/docs/cve-2019-6474

Search for package or bug name: Reporting problems