CVE-2025-11232 – Invalid characters cause assert

CVE ID : CVE-2025-11232

Published : Oct. 29, 2025, 6:15 p.m. | 1 hour, 8 minutes ago

Description : To trigger the issue, three configuration parameters must have specific settings: “hostname-char-set” must be left at the default setting, which is “[^A-Za-z0-9.-]”; “hostname-char-replacement” must be empty (the default); and “ddns-qualifying-suffix” must *NOT* be empty (the default is empty). DDNS updates do not need to be enabled for this issue to manifest. A client that sends certain option content would then cause kea-dhcp4 to exit unexpectedly.
This issue affects Kea versions 3.0.1 through 3.0.1 and 3.1.1 through 3.1.2.

Severity: 7.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…