FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

ISC KEA -- Invalid characters cause assert

Affected packages
3.0.1 <= kea < 3.0.2
3.1.1 <= kea-devel < 3.1.3

Details

VuXML ID 55c4e822-b4e4-11f0-8438-001b217e4ee5
Discovery 2025-10-29
Entry 2025-10-29

Internet Systems Consortium, Inc. reports:

To trigger the issue, three configuration parameters must have specific settings: "hostname-char-set" must be left at the default setting, which is "[^A-Za-z0-9.-]"; "hostname-char-replacement" must be empty (the default); and "ddns-qualifying-suffix" must NOT be empty (the default is empty). DDNS updates do not need to be enabled for this issue to manifest. A client that sends certain option content would then cause kea-dhcp4 to exit unexpectedly. This addresses CVE-2025-11232 [#4142, #4155].

[source]

References

CVE Name CVE-2025-11232
URL https://kb.isc.org/docs/cve-2025-11232

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.