git: f094f8425566 - main - security/vuxml: Add net/kea vulnerability
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Thu, 28 Aug 2025 19:32:45 UTC
The branch main has been updated by garga:
URL: https://cgit.FreeBSD.org/ports/commit/?id=f094f8425566fffceee0f25f0161ce83301023e9
commit f094f8425566fffceee0f25f0161ce83301023e9
Author: Andrey Pevnev <apevnev@me.com>
AuthorDate: 2025-08-28 19:19:06 +0000
Commit: Renato Botelho <garga@FreeBSD.org>
CommitDate: 2025-08-28 19:32:40 +0000
security/vuxml: Add net/kea vulnerability
* CVE-2025-40779
---
security/vuxml/vuln/2025.xml | 28 ++++++++++++++++++++++++++++
1 file changed, 28 insertions(+)
diff --git a/security/vuxml/vuln/2025.xml b/security/vuxml/vuln/2025.xml
index 2009194bf407..6946108a86d8 100644
--- a/security/vuxml/vuln/2025.xml
+++ b/security/vuxml/vuln/2025.xml
@@ -1,3 +1,31 @@
+ <vuln vid="f727fe60-8389-11f0-8438-001b217e4ee5">
+ <topic>ISC KEA -- kea-dhcp4 aborts if client sends a broadcast request with particular options</topic>
+ <affects>
+ <package>
+ <name>kea</name>
+ <range><lt>3.0.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Internet Systems Consortium, Inc. reports:</p>
+ <blockquote cite="https://kb.isc.org/docs/">
+ <p>We corrected an issue in `kea-dhcp4` that caused
+ the server to abort if a client sent a broadcast request with particular
+ options, and Kea failed to find an appropriate subnet for that client.
+ This addresses CVE-2025-40779 [#4055, #4048].</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2025-40779</cvename>
+ </references>
+ <dates>
+ <discovery>2025-08-27</discovery>
+ <entry>2025-08-27</entry>
+ </dates>
+ </vuln>
+
<vuln vid="2a11aa1e-83c7-11f0-b6e5-4ccc6adda413">
<topic>qt6-base -- DoS in QColorTransferGenericFunction</topic>
<affects>