FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  537620
Date:      2020-06-03
Time:      16:46:05Z
Committer: sunpoet

These are the vulnerabilities relating to the commit you have selected:

VuXML ID: 59e7eb28-b309-11e5-af83-80ee73b5dcf5
Description: kea -- unexpected termination while handling a malformed packet

ISC Support reports:

ISC Kea may terminate unexpectedly (crash) while handling a malformed client packet. Related defects in the kea-dhcp4 and kea-dhcp6 servers can cause the server to crash during option processing if a client sends a malformed packet. An attacker sending a crafted malformed packet can cause an ISC Kea server providing DHCP services to IPv4 or IPv6 clients to exit unexpectedly.

  • The kea-dhcp4 server is vulnerable only in versions 0.9.2 and 1.0.0-beta, and furthermore only when logging at debug level 40 or higher. Servers running kea-dhcp4 versions 0.9.1 or lower, and servers which are not logging or are logging at debug level 39 or below are not vulnerable.

  • The kea-dhcp6 server is vulnerable only in versions 0.9.2 and 1.0.0-beta, and furthermore only when logging at debug level 45 or higher. Servers running kea-dhcp6 versions 0.9.1 or lower, and servers which are not logging or are logging at debug level 44 or below are not vulnerable.


Discovery: 2015-12-15
Entry: 2016-01-04
Modified: 2016-01-05
Affected package: kea (ge 0.9.2, lt 1.0.0)

CVE-2015-8373
https://kb.isc.org/article/AA-01318/0/CVE-2015-8373-ISC-Kea%3A-unexpected-termination-while-handling-a-malformed-packet.html

VuXML ID: 20b92374-d62a-11e9-af73-001b217e4ee5
Description: ISC KEA -- Multiple vulnerabilities

Internet Systems Consortium, Inc. reports:

A packet containing a malformed DUID can cause the kea-dhcp6 server to terminate (CVE-2019-6472) [Medium]

An invalid hostname option can cause the kea-dhcp4 server to terminate (CVE-2019-6473) [Medium]

An oversight when validating incoming client requests can lead to a situation where the Kea server will exit when trying to restart (CVE-2019-6474) [Medium]


Discovery: 2019-08-28
Entry: 2019-09-20
Affected package: kea (lt 1.6.0)

https://gitlab.isc.org/isc-projects/kea/issues
CVE-2019-6472
CVE-2019-6473
CVE-2019-6474