CVE-2026-3608— Stack overflow in Kea daemons
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-3608
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Stack overflow in Kea daemons
Source: NVD (National Vulnerability Database)
Vulnerability Description
Sending a maliciously crafted message to the kea-ctrl-agent, kea-dhcp-ddns, kea-dhcp4, or kea-dhcp6 daemons over any configured API socket or HA listener can cause the receiving daemon to exit with a stack overflow error. This issue affects Kea versions 2.6.0 through 2.6.4 and 3.0.0 through 3.0.2.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
可达断言
Source: NVD (National Vulnerability Database)
Vulnerability Title
ISC Kea 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
ISC Kea是ISC组织的一个现代开源 DHCPv4 和 DHCPv6 服务器。 ISC Kea 2.6.0至2.6.4版本和3.0.0至3.0.2版本存在安全漏洞,该漏洞源于特制消息可能导致栈溢出错误。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-3608
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-3608
Please Login to view more intelligence information
- CVE-2026-3608: Stack overflow in Kea daemonsvendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-3608
Same Patch Batch · ISC · 2026-03-25 · 5 CVEs total
| CVE-2026-3104 | 7.5 HIGH | Memory leak in code preparing DNSSEC proofs of non-existence |
| CVE-2026-1519 | 7.5 HIGH | Excessive NSEC3 iterations cause high CPU load during insecure delegation validation |
| CVE-2026-3119 | 6.5 MEDIUM | Authenticated query containing a TKEY record may cause named to terminate unexpectedly |
| CVE-2026-3591 | 5.4 MEDIUM | A stack use-after-return flaw in SIG(0) handling code may enable ACL bypass |
IV. Related Vulnerabilities
Same product: Kea
- CVE-2025-11232
Invalid characters cause assert - CVE-2025-40779
Kea crash upon interaction between specific client options a - CVE-2025-32803
Insecure file permissions can result in confidential informa - CVE-2025-32802
Insecure handling of file paths allows multiple local attack - CVE-2025-32801
Loading a malicious hook library can lead to local privilege
Same vendor: ISC
- CVE-2026-3591
A stack use-after-return flaw in SIG(0) handling code may en - CVE-2026-3119
Authenticated query containing a TKEY record may cause named - CVE-2026-3104
Memory leak in code preparing DNSSEC proofs of non-existence - CVE-2026-1519
Excessive NSEC3 iterations cause high CPU load during insecu - CVE-2025-13878
Malformed BRID/HHIT records can cause named to terminate une
Same weakness: CWE-617
- CVE-2026-41584
ZEBRA: rk Identity Point Panic in Transaction Verification - CVE-2026-20450
Qualcomm Modem MSV-6100远程拒绝服务漏洞 - CVE-2026-41485
Kyverno Controller Denial of Service via forEach Mutation Pa - CVE-2026-34067
nimiq-transaction vulnerable to panic via `HistoryTreeProof` - CVE-2026-34063
network-libp2p: Peer can crash the node by opening discovery
V. Comments for CVE-2026-3608
No comments yet