First published: Wed Oct 16 2019
An invalid hostname option can trigger an assertion failure in the Kea DHCPv4 server process (kea-dhcp4), causing the server process to exit. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2.
Credit: security-officer@isc.org
Affected Software | Affected Version | How to fix |
---|---|---|
ISC Kea | >=1.4.0<=1.5.0 | |
ISC Kea | =1.6.0-beta1 | |
ISC Kea | =1.6.0-beta2 | |

Upgrade to a version of Kea containing a fix, available via https://www.isc.org/downloads.

- Kea 1.4.0-P2
- Kea 1.5.0-P1
- Kea 1.6.0
CVE-2019-6473 affects ISC Kea versions 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2.
CVE-2019-6473 is rated as a moderate severity vulnerability due to its impact on service availability.
To fix CVE-2019-6473, upgrade to a version of ISC Kea that is not affected, such as 1.5.1 or later.
CVE-2019-6473 describes an assertion failure caused by an invalid hostname option in the Kea DHCPv4 server.
If CVE-2019-6473 is left unaddressed, the Kea DHCP server may crash when receiving a malformed hostname option, resulting in service downtime.