What is CVE-2018-5739?

CVE-2018-5739 is an extension to hooks capabilities in Kea 1.4.0 that introduced a memory leak for operators using certain hooks library facilities.

What is the severity of CVE-2018-5739?

The severity of CVE-2018-5739 is high, with a severity value of 7.5.

How does CVE-2018-5739 affect Kea?

CVE-2018-5739 affects Kea 1.4.0, causing a memory leak for operators using certain hooks library facilities.

How can the memory leak in CVE-2018-5739 be fixed?

To fix the memory leak in CVE-2018-5739, operators should update Kea to a version that includes the patch for this vulnerability.

Where can I find more information about CVE-2018-5739?

More information about CVE-2018-5739 can be found at the following reference: https://kb.isc.org/docs/aa-01626

Vulnerability/
CVE-2018-5739

high

7.5

CWE

772

16/1/2019

17/9/2024

CVE-2018-5739: Failure to release memory may exhaust system resources

First published: Wed Jan 16 2019(Updated: )

An extension to hooks capabilities which debuted in Kea 1.4.0 introduced a memory leak for operators who are using certain hooks library facilities. In order to support multiple requests simultaneously, Kea 1.4 added a callout handle store but unfortunately the initial implementation of this store does not properly free memory in every case. Hooks which make use of query4 or query6 parameters in their callouts can leak memory, resulting in the eventual exhaustion of available memory and subsequent failure of the server process. Affects Kea DHCP 1.4.0.

Credit: security-officer@isc.org

Affected Software	Affected Version	How to fix
ISC Kea	=1.4.0

Remedy

Upgrade to Kea 1.4.0-P1 or higher, available via https://www.isc.org/downloads.

Never miss a vulnerability like this again

Reference Links

https://kb.isc.org/docs/aa-01626

Frequently Asked Questions

What is CVE-2018-5739?
CVE-2018-5739 is an extension to hooks capabilities in Kea 1.4.0 that introduced a memory leak for operators using certain hooks library facilities.
What is the severity of CVE-2018-5739?
The severity of CVE-2018-5739 is high, with a severity value of 7.5.
How does CVE-2018-5739 affect Kea?
CVE-2018-5739 affects Kea 1.4.0, causing a memory leak for operators using certain hooks library facilities.
How can the memory leak in CVE-2018-5739 be fixed?
To fix the memory leak in CVE-2018-5739, operators should update Kea to a version that includes the patch for this vulnerability.
Where can I find more information about CVE-2018-5739?
More information about CVE-2018-5739 can be found at the following reference: https://kb.isc.org/docs/aa-01626

collector/nvd-index
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/title
agent/remedy
agent/weakness
agent/last-modified-date
agent/severity
agent/author
agent/references
agent/event
agent/tags
agent/first-publish-date
agent/description
vendor/isc
canonical/isc kea
version/isc kea/1.4.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.