oss-security - ISC has disclosed one vulnerability in Kea (CVE-2026-3608)

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [day] [month] [year] [list]

Message-ID: <596f43c3-54bd-413f-bfda-e42cac84ea95@isc.org>
Date: Wed, 25 Mar 2026 09:23:25 +0100
From: Peter Davies <peterd@....org>
To: oss-security@...ts.openwall.com
Cc: "security-officer@....org" <security-officer@....org>
Subject: ISC has disclosed one vulnerability in Kea (CVE-2026-3608)

On 25 March 2026, Internet Systems Consortium disclosed one 
vulnerability affecting our Kea software:

- CVE-2026-3608:        Stack overflow in Kea daemons 
https://kb.isc.org/docs/cve-2026-3608

New versions of Kea are available:

- https://downloads.isc.org/isc/kea/2.6.5/
- https://downloads.isc.org/isc/kea/3.0.3/

For more information and other release formats, consult the ISC software 
download page: https://www.isc.org/download/

With the public announcement of these vulnerabilities, the embargo 
period is ended and any updated software packages that have been 
prepared may be released.

-- 
Peter Davies
Support Engineer
Internet Systems Corporation
peterd@....org
001 650-423-1460


Download attachment "OpenPGP_signature.asc" of type "application/pgp-signature" (237 bytes)

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.