| Name | CVE-2025-40779 |
| Description | If a DHCPv4 client sends a request with some specific options, and Kea fails to find an appropriate subnet for the client, the `kea-dhcp4` process will abort with an assertion failure. This happens only if the client request is unicast directly to Kea; broadcast messages do not cause the problem. This issue affects Kea versions 2.7.1 through 2.7.9, 3.0.0, and 3.1.0. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| isc-kea (PTS) | bookworm | 2.2.0-6 | fixed |
| trixie | 2.6.3-1 | fixed | |
| forky, sid | 2.6.4-1 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| isc-kea | source | (unstable) | (not affected) |
- isc-kea <not-affected> (Vulnerable code introduced later, bug #1112247)
https://kb.isc.org/docs/cve-2025-40779
Backport: https://gitlab.isc.org/isc-projects/kea/-/issues/4055
Introduced with: https://gitlab.isc.org/isc-projects/kea/-/commit/8f1742a2d6509c7edf5d63ed1d4eec53f9e016b0 (Kea-2.7.1)
https://gitlab.isc.org/isc-projects/kea/-/commit/0afd42b5dfb2e547b3c25023953892c1e578aba3 (Kea-3.1.1)
https://gitlab.isc.org/isc-projects/kea/-/commit/b25d7e8a81273e4099bf6c7f639ed774de2f3d08 (Kea-3.0.1)