CVE-2026-3608 - Vulnerability Details - OpenCVE

Sending a maliciously crafted message to the kea-ctrl-agent, kea-dhcp-ddns, kea-dhcp4, or kea-dhcp6 daemons over any configured API socket or HA listener can cause the receiving daemon to exit with a stack overflow error. This issue affects Kea versions 2.6.0 through 2.6.4 and 3.0.0 through 3.0.2.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Vendors	Products
Isc	Kea

No data.

No data.

No data.

References

Link	Providers
https://downloads.isc.org/isc/kea/2.6.5
https://downloads.isc.org/isc/kea/3.0.3
https://kb.isc.org/docs/cve-2026-3608

History

Wed, 25 Mar 2026 09:00:00 +0000

Type	Values Removed	Values Added
Description		Sending a maliciously crafted message to the kea-ctrl-agent, kea-dhcp-ddns, kea-dhcp4, or kea-dhcp6 daemons over any configured API socket or HA listener can cause the receiving daemon to exit with a stack overflow error. This issue affects Kea versions 2.6.0 through 2.6.4 and 3.0.0 through 3.0.2.
Title		Stack overflow in Kea daemons
First Time appeared		Isc Isc kea
Weaknesses		CWE-617
CPEs		cpe:2.3:a:isc:kea::::::::
Vendors & Products		Isc Isc kea
References		https://downloads.isc.org/isc/kea/2.6.5 https://downloads.isc.org/isc/kea/3.0.3 https://kb.isc.org/docs/cve-2026-3608
Metrics		cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}`

MITRE

Status: PUBLISHED

Assigner: isc

Published: 2026-03-25T08:46:48.992Z

Updated: 2026-03-25T08:46:48.992Z

Reserved: 2026-03-05T17:47:36.088Z

Link: CVE-2026-3608

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-03-25T09:16:25.810

Modified: 2026-03-25T09:16:25.810

Link: CVE-2026-3608

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3608", "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22", "state": "PUBLISHED", "assignerShortName": "isc", "dateReserved": "2026-03-05T17:47:36.088Z", "datePublished": "2026-03-25T08:46:48.992Z", "dateUpdated": "2026-03-25T08:46:48.992Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "404fd4d2-a609-4245-b543-2c944a302a22", "shortName": "isc", "dateUpdated": "2026-03-25T08:46:48.992Z"}, "title": "Stack overflow in Kea daemons", "datePublic": "2026-03-25T00:00:00.000Z", "affected": [{"vendor": "ISC", "product": "Kea", "versions": [{"version": "2.6.0", "lessThanOrEqual": "2.6.4", "status": "affected", "versionType": "custom"}, {"version": "3.0.0", "lessThanOrEqual": "3.0.2", "status": "affected", "versionType": "custom"}], "defaultStatus": "unaffected"}], "cpeApplicability": [{"nodes": [{"operator": "OR", "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:isc:kea:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.0", "versionEndIncluding": "2.6.4"}, {"vulnerable": true, "criteria": "cpe:2.3:a:isc:kea:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.0.0", "versionEndIncluding": "3.0.2"}]}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-617", "description": "CWE-617 Reachable Assertion"}]}], "descriptions": [{"lang": "en", "value": "Sending a maliciously crafted message to the kea-ctrl-agent, kea-dhcp-ddns, kea-dhcp4, or kea-dhcp6 daemons over any configured API socket or HA listener can cause the receiving daemon to exit with a stack overflow error.\nThis issue affects Kea versions 2.6.0 through 2.6.4 and 3.0.0 through 3.0.2."}], "impacts": [{"descriptions": [{"lang": "en", "value": "Loss of DHCP services"}]}], "workarounds": [{"lang": "en", "value": "Securing the API sockets with TLS, and requiring the client to authenticate with a certificate (mutual authentication), prevents the attacker from establishing an API connection to Kea. Set cert-required to true (the default) to require a client certificate. See: https://kea.readthedocs.io/en/stable/arm/security.html#tls-https-configuration"}], "exploits": [{"lang": "en", "value": "We are not aware of any active exploits."}], "solutions": [{"lang": "en", "value": "Upgrade to the patched release most closely related to your current version of Kea: 2.6.5 or 3.0.3."}], "credits": [{"lang": "en", "value": "ISC would like to thank Ali Norouzi of Keysight for bringing this vulnerability to our attention."}], "references": [{"url": "https://kb.isc.org/docs/cve-2026-3608", "name": "CVE-2026-3608", "tags": ["vendor-advisory"]}, {"url": "https://downloads.isc.org/isc/kea/2.6.5", "tags": ["patch"]}, {"url": "https://downloads.isc.org/isc/kea/3.0.3", "tags": ["patch"]}], "source": {"discovery": "EXTERNAL"}}}}