oss-sec mailing list archives
ISC has disclosed one vulnerability in Kea (CVE-2025-11232)
From: Wlodek Wencel <wlodek () isc org>
Date: Wed, 29 Oct 2025 18:45:10 +0100
On 29 October 2025 we (Internet Systems Consortium) disclosed one vulnerability affecting our Kea software:
- CVE-2025-11232: Invalid characters cause assert https://kb.isc.org/docs/cve-2025-11232
New versions of Kea 3.0.2 and 3.1.3 are available from https://www.isc.org/downloads
With the public announcement of these vulnerabilities, the embargo period is ended and any updated software packages that have been prepared may be released.
Włodek Wencel
Attachment:
OpenPGP_0x2F58CA1ABCCB2572.asc
Description: OpenPGP public key
Attachment:
OpenPGP_signature.asc
Description: OpenPGP digital signature
Current thread:
- ISC has disclosed one vulnerability in Kea (CVE-2025-11232) Wlodek Wencel (Oct 29)