{"id":"CVE-2019-6474","details":"A missing check on incoming client requests can be exploited to cause a situation where the Kea server's lease storage contains leases which are rejected as invalid when the server tries to load leases from storage on restart. If the number of such leases exceeds a hard-coded limit in the Kea code, a server trying to restart will conclude that there is a problem with its lease store and give up. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2","modified":"2026-04-10T04:19:46.258322Z","published":"2019-10-16T18:15:37.217Z","references":[{"type":"ADVISORY","url":"https://kb.isc.org/docs/cve-2019-6474"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.isc.org/isc-projects/kea","events":[{"introduced":"adecd0b6b6f2967f3e6d4c2258e59af2b0767168"},{"last_affected":"a0d3d9729b506eaa4674e5bd8b25b87d84d2492d"},{"introduced":"0"},{"last_affected":"03f0af3900bdd9eaa951b23cc9508f0618d3f1bb"}],"database_specific":{"versions":[{"introduced":"1.4.0"},{"last_affected":"1.5.0"},{"introduced":"0"},{"last_affected":"1.6.0-beta2"}]}}],"versions":["100-implement-test-config-backend-dhcp6_base","111-configure-options-with-cql-not-working-properly_base","111-configure-options-with-mysql-not-working-properly_base","111-configure-options-with-pgsql-not-working-properly_base","117-configure-script-doesn-t-fail-when-enable-generate-docs-is-used-and-docbook-style-xsl-is-not-installed","117-configure-script-doesn-t-fail-when-enable-generate-docs-is-used-and-docbook-style-xsl-is-not-installed_base","120-macos_exit_base","128-netconf-config_base","128-netconf-use-libprocess_base","130-all-keys-sample_base","134-bugs--xcode-10_base","136-add-global-host-reservation-examples_base","137-improve-kea-compilation-time-2_base","148-lib-process-servers-without-arguments_base","153-netconf-agent_base","153-netconf-ca-constant_base","153-netconf-configs_base","153-netconf-control-socket_base","153-netconf-fd-watcher_base","153-netconf-test-hang_base","154-netconf-disable-reload_base","161-move-hooks-subdirectory-under-kea-own-directory_base","161-move-hooks-subdirectory-under-kea-own-directory_merged","165-netbsd-8-fixes_base","168-config-manager-clear-does-not-clear-the-d2-client-config_base","171-keactrl-tests-not-posix_base","174-warning-for-unused-trace-levels_base","176-update-to-sysrepo-0-7-6-release_base","177-serialize-netconf-tests_base","178-fix-shell-tests_base","180-address-some-doxygen-warnings-errors_base","182-remove-always-include-fqdn-configuration-parameter-from-d2clientconfig_base","186-add-kea-netconf-daemon-to-keactrl_base","198-user-s-guide-update-json-section-needs-a-refresh_base","208-move-logging-from-global-objects-to-global-params_base","259-libyang-adapt-authoritative_base","268-reservation-mode-is-not-global_base","275-config-control-syntax-cleanup_base","283-perfdhcp-fix-send-due_base","284-need-dhcp6-example-for-netconf_base","297-old-text-about-multiple-classes-guards_base","30-implement-control-socket-for-ddns-2_base","306-distribute-yang-modules_base","313-return-a-list-of-all-reservations-by-subnet-id_base","327-split-transmission-and-reception-control-buffers_base","333-parser-libraries-for-servers_base","339-doxygen-errors_base","340-make-perfdhcp-build-optional_base","343-put-socket-control-buffer-in-the-stack_base","344-lease-cmds-unit-tests_base","354-compilation-with-mysql-fails-on-fedora-29_base","361-kea-user-s-guide-table-listing-standard-options-uses-hex-instead-of-binary_base","366-check-circular_buffer-hpp-existence-in-configure_base","367-kea-does-not-compile-with-boost-installed-at-not-default-location_base","371-ld-warning-message-on-macos-build_base","375-add-config-reload-support-in-process-library_base","380-unexpected-boost-include-capture_base","381-bad-config-crashes-ca-or-d2-servers-even-with-c_base","386-remove-obsolete-experimental-dhcpv6-options_base","397-cb-implement-mysqlconfigbackenddhcpv6_base","405-update-cb_cmds","405-update-cb_cmds_base","406-update-cb_cmds-with-get-commands_base","417-incorrect-return-value-of-ifacemgr-send_base","421-create-config-backend-for-dhcpv6-base_base","421-create-config-backend-for-dhcpv6_base","422-distcheck-failure-after-375_base","426-cassandra-unit-tests-ends-with-success-even-though-they-fail_base","429-Updated-StampedValue-to-support-reals_base","430-configure-location-of-datadir_base","441-make-distcheck-fails-on-fedora-29-automake-1-16_base","441-make-distcheck-fails-on-fedora-29_base","448-update-cb-cmds-to-handle-parameter-types_base","453-update-makefile-using-bison_base","458-config-backend-support-in-src-lib_base","460-update-mysql-database-schema-for-dhcpv6--align-on-dhcpv4_base","463-ordering-using-timestamps-without-fractional-part-fails-on-mysql-8_base","465-add-subnet4-update-and-subnet6-update-commands-to-subnet-cmds-hook_base","465-add-subnet4-update-and-subnet6-update-commands-to-subnet-cmds-hook_base2","474-optionally-disable-collection-host-lookups_base","478-improve-error-message-database-backend-mysql_base","481-remote-subnet4-set-inconsistent-work-when-id-subnet-is-duplicated_base","486-no-longer-use-bison-is-yacc-emulation-mode_base","492-cb-subnet-merge-vs-duplicate-subnet-prefixes_base","494-dhcp4configparser-sharednetworkssanitychecks-is-buggy_base","498-pkg-config-usage-in-kea-libs-is-wrong_base","499-global-keywords-entries_base","5-netconf-config_base","5-netconf-doc-config_base","5-netconf-extend-syntax_base","500-strengthen-option-def-parser_base","503-refuse-option-definitions-which-duplicate-a-name-space_base","509-improve-disabling-client-id-lookup_base","512-fix-TestConfigBackendDHCPv4-deleteSharedNetworkSubnets4_base","512-remote-network4-del-update_base","519-dhcp-server-response-an-empty-rai-field_base","524-using-sh-and-wrong-syntax-in-if-statements-breaks-ubuntu-build_base","65-libyang-adaptors_base","65-libyang-class_base","65-libyang-clean-keatext_base","65-libyang-config-adaptor_base","65-libyang-config-build_base","65-libyang-config-translator_base","65-libyang-control-socket_base","65-libyang-database_base","65-libyang-extend-syntax_base","65-libyang-finish-doc_base","65-libyang-gcc-requirement_base","65-libyang-getParam_base","65-libyang-host_base","65-libyang-logger_base","65-libyang-models-fix_base","65-libyang-models-update_base","65-libyang-pd-pool_base","65-libyang-pool_base","65-libyang-shared-network-translator_base","65-libyang-subnet_base","65-libyang-testutils_base","65-libyang-tools_base","66-authoritative-flag-in-kea_base","67-expressions-hexa-strings_base","75-radius-documentation-needs-an-update_base","82-improve-kea-test-capabilities_base","94-cb-implement-mysqlconfigbackenddhcpv6-prepare_base","Kea-1.5.0","Kea-1.5.0-beta1","Kea-1.5.0-beta2","Kea-1.6.0-beta2","eng_drop_01312017","fd4o6_base","fd_json_bench_base","fdfb_base","fdflex_base","fdfnv_base","fdppjson_base","fdxhook_base","gitlab116_base","gitlab20_base","gitlab29-base","ha_checkpoint3","ha_checkpoints12","ha_phase2","kea-eng-20140313","kea5574_base","libyang-adaptor_base","libyang-generic_base","libyang-models_base","libyang-option-data_base","libyang-option-def_base","rt3470_base","sedhcpv6a_0","trac102_base","trac102a_base","trac102b_base","trac1205_base","trac1205a_base","trac2358_base","trac2358a_base","trac2406_cl_base","trac2406k_base","trac2406km_base","trac2487_base","trac2688_base","trac3162_base","trac3162a_base","trac3238_base","trac3389_base","trac3389a_base","trac3434_base","trac3471_base","trac3473_base","trac3482_base","trac3489_base","trac3504_base","trac3504b_base","trac3513_base","trac3516_base","trac3543_base","trac3590_base","trac3595_base","trac3602_base","trac3614_base","trac3616_base","trac3627_base","trac3629a_base","trac3631_base","trac3632_base","trac3652_base","trac3656_base","trac3661_base","trac3697_base","trac3700_base","trac3712_base","trac3713_base","trac3722_base","trac3723_base","trac3727_base","trac3732b_base","trac3733_base","trac3745_base","trac3752_base","trac3762_base","trac3764_base","trac3764a_base","trac3770_base","trac3770_base2","trac3771_base","trac3773_base","trac3782_base","trac3785_base","trac3791_base","trac3812_base","trac3814_base","trac3815_base","trac3824_base","trac3828_base","trac3829_base","trac3830_base","trac3832_base","trac3833_base","trac3838_base","trac3839_base","trac3841_base","trac3842_base","trac3844_base","trac3845_base","trac3853_base","trac3854_base","trac3855_base","trac3858_base","trac3858a_base","trac3860_base","trac3861_base","trac3863_base","trac3864_base","trac3865_base","trac3867_base","trac3874_base","trac3881_base","trac3882a_base","trac3889_base","trac3898_base","trac3899_base","trac3908_base","trac3910_base","trac3911_base","trac3911a_base","trac3915_base","trac3919_base","trac3920_base","trac3921_base","trac3921a_base","trac3922_base","trac3923_base","trac3923a_base","trac3927_base","trac3932_base","trac3944_base","trac3978_base","trac4003_base","trac4006_base","trac4010_base","trac4014_base","trac4015_base","trac4016_base","trac4018_base","trac4024_base","trac4024_try_base","trac4026_base","trac4028_base","trac4029_base","trac4032_base","trac4034_base","trac4045_base","trac4049_base","trac4061_base","trac4062_base","trac4065_base","trac4068_base","trac4070_base","trac4071_base","trac4074_base","trac4096_base","trac4097_base","trac4097a_base","trac4106_base","trac4106_update_base","trac4107_base","trac4109a_base","trac4110_base","trac4113_base","trac4115_base","trac4115a_base","trac4116_base","trac4121_base","trac4201_base","trac4203_base","trac4204_base","trac4204fd_base","trac4231_base","trac4232a_base","trac4234_base","trac4240_base","trac4241_base","trac4242_base","trac4245_base","trac4248_base","trac4263_base","trac4266_base","trac4267_base0","trac4268a_base","trac4272_base","trac4272a_base","trac4273_base","trac4274_base","trac4283_base","trac4286_base","trac4287_base","trac4289_base","trac4290_base","trac4291_base","trac4306_base","trac4307_base","trac4310_base","trac4313_base","trac4315_base","trac4326_base","trac4339_base","trac4500_base","trac4501_base","trac4523_base","trac4540_base","trac4551_base","trac4631_base","trac4631a_base","trac4631b_base","trac5004_base","trac5006_base","trac5010_base","trac5014_base","trac5017_base","trac5019_base","trac5021_base","trac5031_base","trac5035_base","trac5046_base","trac5049_base","trac5051_base","trac5053_base","trac5057_base","trac5060_base","trac5061_base","trac5062_base","trac5070_base","trac5071_base","trac5073_base","trac5073a_base","trac5075_base","trac5076_base","trac5077_base","trac5087_base","trac5088_base","trac5090_base","trac5091_base","trac5092_base","trac5093_base","trac5094_base","trac5096_base","trac5097_base","trac5098_base","trac5099_base","trac5101_base","trac5104_base","trac5105_base","trac5106_base","trac5110_base","trac5112_base","trac5113_base","trac5117_base","trac5119_base","trac5121_base","trac5122_base","trac5123_base","trac5124_base","trac5124a_base","trac5126_base","trac5131_base","trac5132_base","trac5137_base","trac5138_base","trac5138_fd_base","trac5145_base","trac5145a_base","trac5145b_base","trac5146_base","trac5146a_base","trac5151_base","trac5152_base","trac5160_base","trac5170_base","trac5186_base","trac5187_base","trac5196_base","trac5210_base","trac5212_base","trac5213_base","trac5214_base","trac5227_base","trac5241_base","trac5243_base","trac5243x_base","trac5266_base","trac5267_base","trac5277_base","trac5282_base","trac5286_base","trac5287_base","trac5288_base","trac5297_base","trac5333_base","trac5351_base","trac5361_base","trac5362_base","trac5363_base","trac5365_base","trac5379_base","trac5380_base","trac5381_base","trac5382_base","trac5389_base","trac5391_base","trac5400_base","trac5404_base","trac5425_base","trac5425a_base","trac5440_base","trac5449_base","trac5452_base","trac5457_base","trac5458_base","trac5458a_base","trac5488_base","trac5494_base","trac5496_base","trac5502_base","trac5513_base","trac5515_base","trac5524_base","trac5525_base","trac5528_base","trac5530a_base","trac5533a_base","trac5536_base","trac5549_base","trac5549a_base","trac5555_base","trac5560_base","trac5566_base","trac5577_base","trac5582_base","trac5584_base","trac5591_base","trac5605a_base","trac5609_base","trac5617_base","trac5631_base","trac5668_base","trac5685_base","trac5694_base"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"1.6.0-beta1"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-6474.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}