Kea is an open source Dynamic Host Configuration Protocol (DHCP) server published by the Internet Systems Consortium (ISC). Earlier this year, US-CERT issued a security advisory warning that Kea DHCP 1.4.0 has a memory leak vulnerability that a remote attacker could exploit to cause a denial-of-service attack.
The vulnerability was introduced in the hooks extension of Kea, which enables developers to load third-party libraries that can extract information from the server or even change how the server behaves.
