2962 matches found
CVE-2025-40777
If a named caching resolver is configured with serve-stale-enable yes, and with stale-answer-client-timeout set to 0 the only allowable value other than disabled, and if the resolver, in the process of resolving a query, encounters a CNAME chain involving a specific combination of cached or...
CVE-2025-40777
If a named caching resolver is configured with serve-stale-enable yes, and with stale-answer-client-timeout set to 0 the only allowable value other than disabled, and if the resolver, in the process of resolving a query, encounters a CNAME chain involving a specific combination of cached or...
CVE-2025-40777
If a named caching resolver is configured with serve-stale-enable yes, and with stale-answer-client-timeout set to 0 the only allowable value other than disabled, and if the resolver, in the process of resolving a query, encounters a CNAME chain involving a specific combination of cached or...
CVE-2025-40777
Summary: CVE-2025-40777 affects ISC BIND 9 where a named caching resolver configured with serve-stale-enable=yes and stale-answer-client-timeout=0 can abort due to an assertion failure while resolving a CNAME chain. Affected versions include BIND 9.20.0–9.20.10, 9.21.0–9.21.9, and 9.20.9-S1–9.20....
CVE-2025-40777 A possible assertion failure when 'stale-answer-client-timeout' is set to '0'
If a named caching resolver is configured with serve-stale-enable yes, and with stale-answer-client-timeout set to 0 the only allowable value other than disabled, and if the resolver, in the process of resolving a query, encounters a CNAME chain involving a specific combination of cached or...
CVE-2025-40777 A possible assertion failure when 'stale-answer-client-timeout' is set to '0'
If a named caching resolver is configured with serve-stale-enable yes, and with stale-answer-client-timeout set to 0 the only allowable value other than disabled, and if the resolver, in the process of resolving a query, encounters a CNAME chain involving a specific combination of cached or...
ALPINE-CVE-2025-5994
A multi-vendor cache poisoning vulnerability named 'Rebirthday Attack' has been discovered in caching resolvers that support EDNS Client Subnet ECS. Unbound is also vulnerable when compiled with ECS support, i.e., '--enable-subnet', AND configured to send ECS information along with queries to...
CVE-2025-5994 Cache poisoning via the ECS-enabled Rebirthday Attack
A multi-vendor cache poisoning vulnerability named 'Rebirthday Attack' has been discovered in caching resolvers that support EDNS Client Subnet ECS. Unbound is also vulnerable when compiled with ECS support, i.e., '--enable-subnet', AND configured to send ECS information along with queries to...
CVE-2025-40776
A named caching resolver that is configured to send ECS EDNS Client Subnet options may be vulnerable to a cache-poisoning attack. This issue affects BIND 9 versions 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.37-S1, and 9.20.9-S1 through 9.20.10-S1...
ALPINE-CVE-2025-40776
A named caching resolver that is configured to send ECS EDNS Client Subnet options may be vulnerable to a cache-poisoning attack. This issue affects BIND 9 versions 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.37-S1, and 9.20.9-S1 through 9.20.10-S1...
CVE-2025-40776
A named caching resolver that is configured to send ECS EDNS Client Subnet options may be vulnerable to a cache-poisoning attack. This issue affects BIND 9 versions 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.37-S1, and 9.20.9-S1 through 9.20.10-S1...
unbound -- Cache poisoning via the ECS-enabled Rebirthday Attack
[email protected] reports: A multi-vendor cache poisoning vulnerability named 'Rebirthday Attack' has been discovered in caching resolvers that support EDNS Client Subnet ECS. Unbound is also vulnerable when compiled with ECS support, i.e., '--enable-subnet', AND configured to send ECS information...
UBUNTU-CVE-2025-40777
If a named caching resolver is configured with serve-stale-enable yes, and with stale-answer-client-timeout set to 0 the only allowable value other than disabled, and if the resolver, in the process of resolving a query, encounters a CNAME chain involving a specific combination of cached or...
PT-2025-29873
Name of the Vulnerable Software and Affected Versions BIND versions 9.20.0 through 9.20.10 BIND versions 9.21.0 through 9.21.9 BIND versions 9.20.9-S1 through 9.20.10-S1 Description If a named caching resolver is configured with serve-stale-enable set to yes, and with stale-answer-client-timeout...
Improper Validation of Specified Quantity in Input
Overview resolv is a Thread-aware DNS resolver library in Ruby. Affected versions of this package are vulnerable to Improper Validation of Specified Quantity in Input via the getlabels function in the resolv.rb file. An attacker can cause excessive CPU resource consumption and make the applicatio...
AZL-65202 CVE-2025-24294 affecting package ruby for versions less than 3.1.7-3
The attack vector is a potential Denial of Service DoS. The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet. An attacker can craft a malicious DNS packet containing a highly compressed domain name. When the resolv library parses suc...
DEBIAN-CVE-2025-24294
The attack vector is a potential Denial of Service DoS. The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet. An attacker can craft a malicious DNS packet containing a highly compressed domain name. When the resolv library parses suc...
UBUNTU-CVE-2025-24294
The attack vector is a potential Denial of Service DoS. The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet. An attacker can craft a malicious DNS packet containing a highly compressed domain name. When the resolv library parses suc...
Implementing and Evaluating Post-Quantum DNSSEC in CoreDNS
The emergence of quantum computers poses a significant threat to current secure service, application and/or protocol implementations that rely on RSA and ECDSA algorithms, for instance DNSSEC, because public-key cryptography based on number factorization or discrete logarithm is vulnerable to...
TencentOS Server 3: bind9.16 (TSSA-2023:0071)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0071 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...