FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-19 19:12:13 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
59e7eb28-b309-11e5-af83-80ee73b5dcf5	kea -- unexpected termination while handling a malformed packet ISC Support reports: ISC Kea may terminate unexpectedly (crash) while handling a malformed client packet. Related defects in the kea-dhcp4 and kea-dhcp6 servers can cause the server to crash during option processing if a client sends a malformed packet. An attacker sending a crafted malformed packet can cause an ISC Kea server providing DHCP services to IPv4 or IPv6 clients to exit unexpectedly. The kea-dhcp4 server is vulnerable only in versions 0.9.2 and 1.0.0-beta, and furthermore only when logging at debug level 40 or higher. Servers running kea-dhcp4 versions 0.9.1 or lower, and servers which are not logging or are logging at debug level 39 or below are not vulnerable. The kea-dhcp6 server is vulnerable only in versions 0.9.2 and 1.0.0-beta, and furthermore only when logging at debug level 45 or higher. Servers running kea-dhcp6 versions 0.9.1 or lower, and servers which are not logging or are logging at debug level 44 or below are not vulnerable. Discovery 2015-12-15 Entry 2016-01-04 Modified 2016-01-05 kea >= 0.9.2 lt 1.0.0 CVE-2015-8373 https://kb.isc.org/article/AA-01318/0/CVE-2015-8373-ISC-Kea%3A-unexpected-termination-while-handling-a-malformed-packet.html
20b92374-d62a-11e9-af73-001b217e4ee5	ISC KEA -- Multiple vulnerabilities Internet Systems Consortium, Inc. reports: A packet containing a malformed DUID can cause the kea-dhcp6 server to terminate (CVE-2019-6472) [Medium] An invalid hostname option can cause the kea-dhcp4 server to terminate (CVE-2019-6473) [Medium] An oversight when validating incoming client requests can lead to a situation where the Kea server will exit when trying to restart (CVE-2019-6474) [Medium] Discovery 2019-08-28 Entry 2019-09-20 kea < 1.6.0 https://gitlab.isc.org/isc-projects/kea/issues CVE-2019-6472 CVE-2019-6473 CVE-2019-6474

VuXML ID

Description

59e7eb28-b309-11e5-af83-80ee73b5dcf5

kea -- unexpected termination while handling a malformed packet

ISC Support reports:

ISC Kea may terminate unexpectedly (crash) while handling a malformed client packet. Related defects in the kea-dhcp4 and kea-dhcp6 servers can cause the server to crash during option processing if a client sends a malformed packet. An attacker sending a crafted malformed packet can cause an ISC Kea server providing DHCP services to IPv4 or IPv6 clients to exit unexpectedly.

The kea-dhcp4 server is vulnerable only in versions 0.9.2 and 1.0.0-beta, and furthermore only when logging at debug level 40 or higher. Servers running kea-dhcp4 versions 0.9.1 or lower, and servers which are not logging or are logging at debug level 39 or below are not vulnerable.

The kea-dhcp6 server is vulnerable only in versions 0.9.2 and 1.0.0-beta, and furthermore only when logging at debug level 45 or higher. Servers running kea-dhcp6 versions 0.9.1 or lower, and servers which are not logging or are logging at debug level 44 or below are not vulnerable.

Discovery 2015-12-15
Entry 2016-01-04
Modified 2016-01-05
kea

>= 0.9.2 lt 1.0.0

CVE-2015-8373
https://kb.isc.org/article/AA-01318/0/CVE-2015-8373-ISC-Kea%3A-unexpected-termination-while-handling-a-malformed-packet.html

20b92374-d62a-11e9-af73-001b217e4ee5

ISC KEA -- Multiple vulnerabilities

Internet Systems Consortium, Inc. reports:

A packet containing a malformed DUID can cause the kea-dhcp6 server to terminate (CVE-2019-6472) [Medium]

An invalid hostname option can cause the kea-dhcp4 server to terminate (CVE-2019-6473) [Medium]

An oversight when validating incoming client requests can lead to a situation where the Kea server

will exit when trying to restart (CVE-2019-6474) [Medium]

Discovery 2019-08-28
Entry 2019-09-20
kea

< 1.6.0

https://gitlab.isc.org/isc-projects/kea/issues
CVE-2019-6472
CVE-2019-6473
CVE-2019-6474