oss-sec mailing list archives
ISC has disclosed one vulnerability in Kea (CVE-2026-3608)
From: Peter Davies <peterd () isc org>
Date: Wed, 25 Mar 2026 09:23:25 +0100
On 25 March 2026, Internet Systems Consortium disclosed one vulnerability affecting our Kea software:
- CVE-2026-3608: Stack overflow in Kea daemons https://kb.isc.org/docs/cve-2026-3608
New versions of Kea are available: - https://downloads.isc.org/isc/kea/2.6.5/ - https://downloads.isc.org/isc/kea/3.0.3/For more information and other release formats, consult the ISC software download page: https://www.isc.org/download/
With the public announcement of these vulnerabilities, the embargo period is ended and any updated software packages that have been prepared may be released.
-- Peter Davies Support Engineer Internet Systems Corporation peterd () isc org 001 650-423-1460
Attachment:
OpenPGP_signature.asc
Description: OpenPGP digital signature
Current thread:
- ISC has disclosed one vulnerability in Kea (CVE-2026-3608) Peter Davies (Mar 25)