vulnerability

Alpine Linux: CVE-2019-6474: Missing Release of Resource after Effective Lifetime

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
6	(AV:A/AC:L/Au:N/C:N/I:N/A:C)	Oct 16, 2019	Aug 22, 2024	Dec 5, 2025

Severity

CVSS

(AV:A/AC:L/Au:N/C:N/I:N/A:C)

Published

Oct 16, 2019

Added

Aug 22, 2024

Modified

Dec 5, 2025

Description

A missing check on incoming client requests can be exploited to cause a situation where the Kea server's lease storage contains leases which are rejected as invalid when the server tries to load leases from storage on restart. If the number of such leases exceeds a hard-coded limit in the Kea code, a server trying to restart will conclude that there is a problem with its lease store and give up. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2

Solution

alpine-linux-upgrade-kea

References

CVE-2019-6474
https://attackerkb.com/topics/CVE-2019-6474
URL-https://security.alpinelinux.org/vuln/CVE-2019-6474
CWE-772

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today