CVE-2018-5739

CVE-2018-5739 is a medium-severity vulnerability in Isc Kea with a CVSS 3.x base score of 6.5. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-772.

Key facts

Description

An extension to hooks capabilities which debuted in Kea 1.4.0 introduced a memory leak for operators who are using certain hooks library facilities. In order to support multiple requests simultaneously, Kea 1.4 added a callout handle store but unfortunately the initial implementation of this store does not properly free memory in every case. Hooks which make use of query4 or query6 parameters in their callouts can leak memory, resulting in the eventual exhaustion of available memory and subsequent failure of the server process. Affects Kea DHCP 1.4.0.

Frequently asked questions

What is CVE-2018-5739?
An extension to hooks capabilities which debuted in Kea 1.4.0 introduced a memory leak for operators who are using certain hooks library facilities. In order to support multiple requests simultaneously, Kea 1.4 added a callout handle store but unfortunately the initial implementation of this store does not properly free memory in every case. Hooks which make use of query4 or query6 parameters in their callouts can leak memory, resulting in the eventual exhaustion of available memory and subsequent failure of the server process. Affects Kea DHCP 1.4.0.
How severe is CVE-2018-5739?
CVE-2018-5739 has a CVSS 3.x base score of 6.5, rated medium severity. It is exploitable over an adjacent network with low attack complexity, requires no privileges and no user interaction. Impact on confidentiality is none, integrity none, and availability high.
Is CVE-2018-5739 being actively exploited?
It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 2% (77th percentile), an estimate of the probability of exploitation in the next 30 days.
What products are affected by CVE-2018-5739?
CVE-2018-5739 affects Isc Kea. See the affected-products list for the exact vulnerable versions.
How do I fix CVE-2018-5739?
Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
When was CVE-2018-5739 published?
CVE-2018-5739 was published on 2019-01-16 and last updated on 2026-06-17.

References

Affected products (1)

More vulnerabilities in Isc Kea

All CVEs affecting Isc Kea →

Other CWE-772 vulnerabilities

Browse all CWE-772 vulnerabilities →