CLSA-2026-1777287060 bind: Fix of CVE-2025-40778

CVE-2025-40778: reject forged records in answer sections to prevent cache poisoning via crafted responses - build tests improved...

CVE-2025-40778 Cache poisoning attacks with unsolicited RRs

Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject forged data into the cache. This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.11.3-S1 through...

bind: An assertion check can fail while answering queries for DNAME records that require the DNAME to be processed to resolve itself

A flaw was found in bind. The way DNAME records are processed may trigger the same RRset to the ANSWER section to be added more than once which causes an assertion check to fail. The highest threat from this flaw is to system availability...

最新版通达OA几处存储型XSS

简要描述： 最新版通达OA几处存储型XSS 详细说明： 测试版本：下载 通达OA 2013增强版125MB 下载地址：http://www.tongda2000.com/download/2013adv.php 更新于 2013-12-26 13:30 1、讨论区发帖处发帖内容存储型XSS 2、回答“OA知道”问题时以源码方式编辑存在存储型XSS： 漏洞证明： img src="https://images.seebug.org/upload...

CVE-2008-4194

The pexecquery function in src/dnsquery.c in pdnsd before 1.2.7-par allows remote attackers to cause a denial of service daemon crash via a long DNS reply with many entries in the answer section, related to a "dangling pointer bug."...