Nixpkgs security tracker

Permalink CVE-2026-3608

7.5 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): HIGH

created 3 weeks, 3 days ago

Stack overflow in Kea daemons

Sending a maliciously crafted message to the kea-ctrl-agent, kea-dhcp-ddns, kea-dhcp4, or kea-dhcp6 daemons over any configured API socket or HA listener can cause the receiving daemon to exit with a stack overflow error. This issue affects Kea versions 2.6.0 through 2.6.4 and 3.0.0 through 3.0.2.

References

CVE-2026-3608 vendor-advisory
https://downloads.isc.org/isc/kea/2.6.5 patch
https://downloads.isc.org/isc/kea/3.0.3 patch
http://www.openwall.com/lists/oss-security/2026/03/25/6

Affected products

Kea

=<3.0.2
=<2.6.4

Matching in nixpkgs

pkgs.kea

High-performance, extensible DHCP server by ISC

nixos-unstable 3.0.2
- nixpkgs-unstable 3.0.2
- nixos-unstable-small 3.0.2
nixos-25.11 3.0.2
- nixos-25.11-small 3.0.2
- nixpkgs-25.11-darwin 3.0.2

pkgs.keama

Kea Migration Assistent

nixos-unstable 4.4.3-P1
- nixpkgs-unstable 4.4.3-P1
- nixos-unstable-small 4.4.3-P1
nixos-25.11 4.4.3-P1
- nixos-25.11-small 4.4.3-P1
- nixpkgs-25.11-darwin 4.4.3-P1