
11950 matches found

CVE
added 2025/07/16 5:38 p.m. · 58 views

CVE-2025-40777

Summary: CVE-2025-40777 affects ISC BIND 9 where a named caching resolver configured with serve-stale-enable=yes and stale-answer-client-timeout=0 can abort due to an assertion failure while resolving a CNAME chain. Affected versions include BIND 9.20.0–9.20.10, 9.21.0–9.21.9, and 9.20.9-S1–9.20....

7.5 CVSS · 6.5 AI score · 0.00877 EPSS
Exploits 0 · References 2

Vulnrichment
added 2025/07/16 5:38 p.m. · 2 views

CVE-2025-40777 A possible assertion failure when 'stale-answer-client-timeout' is set to '0'

If a named caching resolver is configured with serve-stale-enable yes, and with stale-answer-client-timeout set to 0 (the only allowable value other than disabled), and if the resolver, in the process of resolving a query, encounters a CNAME chain involving a specific combination of cached or...

7.5 CVSS · 7.1 AI score · 0.00877 EPSS
Exploits 0 · References 1

Debian CVE
added 2025/07/16 5:38 p.m. · 4 views

CVE-2025-40777

If a named caching resolver is configured with serve-stale-enable yes, and with stale-answer-client-timeout set to 0 (the only allowable value other than disabled), and if the resolver, in the process of resolving a query, encounters a CNAME chain involving a specific combination of cached or...

7.5 CVSS · 7.5 AI score · 0.00877 EPSS
Exploits 0

AlpineLinux
added 2025/07/16 5:38 p.m. · 3 views

CVE-2025-40777

If a named caching resolver is configured with serve-stale-enable yes, and with stale-answer-client-timeout set to 0 (the only allowable value other than disabled), and if the resolver, in the process of resolving a query, encounters a CNAME chain involving a specific combination of cached or...

7.5 CVSS · 6.5 AI score · 0.00877 EPSS
Exploits 0

OSV
added 2025/07/16 2:15 p.m. · 1 views

ALPINE-CVE-2025-40776

A named caching resolver that is configured to send ECS (EDNS Client Subnet) options may be vulnerable to a cache-poisoning attack. This issue affects BIND 9 versions 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.37-S1, and 9.20.9-S1 through 9.20.10-S1...

8.6 CVSS · 6.8 AI score · 0.00245 EPSS
Exploits 0 · References 1

OSV
added 2025/07/16 2:15 p.m. · 3 views

CVE-2025-40776

A named caching resolver that is configured to send ECS (EDNS Client Subnet) options may be vulnerable to a cache-poisoning attack. This issue affects BIND 9 versions 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.37-S1, and 9.20.9-S1 through 9.20.10-S1...

8.6 CVSS · 6.1 AI score · 0.00245 EPSS
Exploits 0 · References 1

NVD
added 2025/07/16 2:15 p.m. · 6 views

CVE-2025-40776

A named caching resolver that is configured to send ECS (EDNS Client Subnet) options may be vulnerable to a cache-poisoning attack. This issue affects BIND 9 versions 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.37-S1, and 9.20.9-S1 through 9.20.10-S1...

8.6 CVSS · 0.00245 EPSS
Exploits 0 · References 1

Cvelist
added 2025/07/16 1:41 p.m. · 6 views

CVE-2025-40776 Birthday Attack against Resolvers supporting ECS

A named caching resolver that is configured to send ECS (EDNS Client Subnet) options may be vulnerable to a cache-poisoning attack. This issue affects BIND 9 versions 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.37-S1, and 9.20.9-S1 through 9.20.10-S1...

8.6 CVSS · 0.00245 EPSS
Exploits 0 · References 1

CVE
added 2025/07/16 1:41 p.m. · 20 views

CVE-2025-40776

CVE-2025-40776 affects ISC BIND named caching resolvers that are configured to send EDNS Client Subnet (ECS) options. The vulnerability is a potential cache-poisoning issue in the resolver when ECS is present. Affected BIND 9 versions are 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.37-S...

8.6 CVSS · 6.5 AI score · 0.00245 EPSS
Exploits 0 · References 1

Vulnrichment
added 2025/07/16 1:41 p.m. · 2 views

CVE-2025-40776 Birthday Attack against Resolvers supporting ECS

A named caching resolver that is configured to send ECS (EDNS Client Subnet) options may be vulnerable to a cache-poisoning attack. This issue affects BIND 9 versions 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.37-S1, and 9.20.9-S1 through 9.20.10-S1...

8.6 CVSS · 7.4 AI score · 0.00245 EPSS
Exploits 0 · References 1

Debian CVE
added 2025/07/16 1:41 p.m. · 3 views

CVE-2025-40776

A named caching resolver that is configured to send ECS (EDNS Client Subnet) options may be vulnerable to a cache-poisoning attack. This issue affects BIND 9 versions 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.37-S1, and 9.20.9-S1 through 9.20.10-S1...

8.6 CVSS · 7.5 AI score · 0.00245 EPSS
Exploits 0

AlpineLinux
added 2025/07/16 1:41 p.m. · 2 views

CVE-2025-40776

A named caching resolver that is configured to send ECS (EDNS Client Subnet) options may be vulnerable to a cache-poisoning attack. This issue affects BIND 9 versions 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.37-S1, and 9.20.9-S1 through 9.20.10-S1...

8.6 CVSS · 7.2 AI score · 0.00245 EPSS
Exploits 0

Positive Technologies
added 2025/07/16 12:0 a.m. · 2 views

PT-2025-29825 · Isc · Bind

Name of the Vulnerable Software and Affected Versions: BIND 9 versions 9.11.3-S1 through 9.16.50-S1; BIND 9 versions 9.18.11-S1 through 9.18.37-S1; BIND 9 versions 9.20.9-S1 through 9.20.10-S1. Description: A named caching resolver configured to send ECS (EDNS Client Subnet) options may be vulnerable ...

8.6 CVSS · 7.3 AI score · 0.00245 EPSS
Exploits 0 · References 20

CNNVD
added 2025/07/16 12:0 a.m. · 1 views

ISC BIND 9 Security Vulnerability

ISC BIND 9 is a Domain Name System software from the ISC organization. A security vulnerability exists in ISC BIND 9 that stems from vulnerability to cache poisoning attacks. The following versions are affected: versions 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.37-S1, and 9.20.9-S1...

8.6 CVSS · 7.5 AI score · 0.00245 EPSS
Exploits 0 · References 1

Redos
added 2025/07/16 12:0 a.m. · 4 views

ROS-20250716-01

The DNS BIND server vulnerability is related to asymmetric resource consumption. Exploiting the vulnerability allows a remote attacker to cause a denial of service...

7.5 CVSS · 7.6 AI score · 0.14257 EPSS
Exploits 0

CNNVD
added 2025/07/16 12:0 a.m. · 2 views

ISC BIND 9 Security Vulnerability

ISC BIND 9 is a Domain Name System software from the ISC organization. A security vulnerability exists in ISC BIND 9 that stems from an assertion failure that could result in service suspension. The following versions are affected: versions 9.20.0 through 9.20.10, 9.21.0 through 9.21.9, and...

7.5 CVSS · 7.5 AI score · 0.00877 EPSS
Exploits 0 · References 3

Positive Technologies
added 2025/07/16 12:0 a.m. · 2 views

PT-2025-29873

Name of the Vulnerable Software and Affected Versions: BIND versions 9.20.0 through 9.20.10; BIND versions 9.21.0 through 9.21.9; BIND versions 9.20.9-S1 through 9.20.10-S1. Description: If a named caching resolver is configured with serve-stale-enable set to yes, and with stale-answer-client-timeout...

7.5 CVSS · 7.7 AI score · 0.00877 EPSS
Exploits 0 · References 39

OSV
added 2025/07/16 12:0 a.m. · 0 views

UBUNTU-CVE-2025-40777

If a named caching resolver is configured with serve-stale-enable yes, and with stale-answer-client-timeout set to 0 (the only allowable value other than disabled), and if the resolver, in the process of resolving a query, encounters a CNAME chain involving a specific combination of cached or...

7.5 CVSS · 7.1 AI score · 0.00877 EPSS
Exploits 0 · References 4

Tenable Nessus
added 2025/07/16 12:0 a.m. · 3 views

Slackware Linux 15.0 / current bind Vulnerability (SSA:2025-197-01)

The version of bind installed on the remote host is prior to 9.18.38 / 9.20.11. It is, therefore, affected by a vulnerability as referenced in the SSA:2025-197-01 advisory. New bind packages are available for Slackware 15.0 and -current to fix a security issue. Tenable has extracted the preceding...

7.5 CVSS · 7.6 AI score · 0.00877 EPSS
Exploits 0 · References 2

Broadcom
added 2025/07/15 12:0 a.m. · 20 views

Rocky Linux Updates in ASCG 3.3.0

Multiple Rocky Linux updates applied to Brocade ASCG 3.3.0 RockyLinux 8:bzip2 RLSA-2025:0733 bzip2: bzip2: Data integrity error when decompressing with data integrity tests fail. CVE-2019-12900 RockyLinux 8:pam RLSA-2024:10379 pam: libpam: Libpam vulnerable to read hashed password CVE-2024-10041...

9.8 CVSS · 7.4 AI score · 0.93305 EPSS
Exploits 38