PT-2025-29873

Name of the Vulnerable Software and Affected Versions BIND versions 9.20.0 through 9.20.10 BIND versions 9.21.0 through 9.21.9 BIND versions 9.20.9-S1 through 9.20.10-S1 Description If a named caching resolver is configured with serve-stale-enable set to yes, and with stale-answer-client-timeout...

CVE-2025-40775

When an incoming DNS protocol message includes a Transaction Signature TSIG, BIND always checks it. If the TSIG contains an invalid value in the algorithm field, BIND immediately aborts with an assertion failure. This issue affects BIND 9 versions 9.20.0 through 9.20.8 and 9.21.0 through 9.21.7...

Privilege Escalation

bind is vulnerable to privilege escalation. The vulnerability exists as a user is able to change a specific subset of the zone's content could abuse these unintended additional privileges to update other contents of the zone...

SRTT Vulnerability in BIND Software Puts DNS Protocol Security At Risk

After the Heartbleed bug that exposed half of the Internet vulnerable to hackers thereby marking as one of the largest Internet vulnerability in recent history, the critical flaw in the implementation of the DNS protocol could also represent a serious menace to the Internet security. A Serious...