Nixpkgs security tracker

Permalink CVE-2026-3608

7.5 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): HIGH

updated 1 month, 1 week ago by @LeSuisse Activity log

Created suggestion 1 month, 1 week ago
@LeSuisse ignored
4 packages
- keama
- speakeasy-cli
- elmPackages.elm-graphql
- prometheus-kea-exporter
1 month, 1 week ago
@LeSuisse accepted 1 month, 1 week ago
@LeSuisse published on GitHub 1 month, 1 week ago

Stack overflow in Kea daemons

Sending a maliciously crafted message to the kea-ctrl-agent, kea-dhcp-ddns, kea-dhcp4, or kea-dhcp6 daemons over any configured API socket or HA listener can cause the receiving daemon to exit with a stack overflow error. This issue affects Kea versions 2.6.0 through 2.6.4 and 3.0.0 through 3.0.2.

References

CVE-2026-3608 vendor-advisory
https://downloads.isc.org/isc/kea/2.6.5 patch
https://downloads.isc.org/isc/kea/3.0.3 patch
http://www.openwall.com/lists/oss-security/2026/03/25/6

Affected products

Kea

=<3.0.2
=<2.6.4

Matching in nixpkgs

pkgs.kea

High-performance, extensible DHCP server by ISC

nixos-unstable 3.0.2
- nixpkgs-unstable 3.0.2
- nixos-unstable-small 3.0.2
nixos-25.11 3.0.2
- nixos-25.11-small 3.0.2
- nixpkgs-25.11-darwin 3.0.2

Ignored packages (4)

pkgs.keama

Kea Migration Assistent

nixos-unstable 4.4.3-P1
- nixpkgs-unstable 4.4.3-P1
- nixos-unstable-small 4.4.3-P1
nixos-25.11 4.4.3-P1
- nixos-25.11-small 4.4.3-P1
- nixpkgs-25.11-darwin 4.4.3-P1

pkgs.speakeasy-cli

CLI tool for Speakeasy

nixos-unstable 1.636.3
- nixpkgs-unstable 1.636.3
- nixos-unstable-small 1.636.3

pkgs.elmPackages.elm-graphql

Autogenerate type-safe GraphQL queries in Elm

pkgs.prometheus-kea-exporter

Export Kea Metrics in the Prometheus Exposition Format

nixos-unstable 0.7.0
- nixpkgs-unstable 0.7.0
- nixos-unstable-small 0.7.0
nixos-25.11 0.7.0
- nixos-25.11-small 0.7.0
- nixpkgs-25.11-darwin 0.7.0

Package maintainers

@mweinelt Martin Weinelt <hexa@darmstadt.ccc.de>
@fpletz Franz Pletz <fpletz@fnordicwalking.de>

Upstream advisory: https://kb.isc.org/docs/cve-2026-3608
https://downloads.isc.org/isc/kea/3.0.3

Suggestions search