CVE-2025-40775 DNS message with invalid TSIG causes an assertion failure

When an incoming DNS protocol message includes a Transaction Signature TSIG, BIND always checks it. If the TSIG contains an invalid value in the algorithm field, BIND immediately aborts with an assertion failure. This issue affects BIND 9 versions 9.20.0 through 9.20.8 and 9.21.0 through 9.21.7...

CVE-2025-40775

When an incoming DNS protocol message includes a Transaction Signature TSIG, BIND always checks it. If the TSIG contains an invalid value in the algorithm field, BIND immediately aborts with an assertion failure. This issue affects BIND 9 versions 9.20.0 through 9.20.8 and 9.21.0 through 9.21.7...

CVE-2025-40775

When an incoming DNS protocol message includes a Transaction Signature TSIG, BIND always checks it. If the TSIG contains an invalid value in the algorithm field, BIND immediately aborts with an assertion failure. This issue affects BIND 9 versions 9.20.0 through 9.20.8 and 9.21.0 through 9.21.7...

ISC BIND 安全漏洞

ISC BIND is an ISC open source suite of open source software that implements the DNS protocol. A security vulnerability exists in ISC BIND 9 versions 9.20.0 through 9.20.8 and 9.21.0 through 9.21.7, which stems from an invalid value in the TSIG algorithm field that could lead to an assertion...

PT-2025-22347 · Isc +3 · Bind 9 +3

Name of the Vulnerable Software and Affected Versions: BIND 9 versions 9.20.0 through 9.20.8 BIND 9 versions 9.21.0 through 9.21.7 Description: When an incoming DNS protocol message includes a Transaction Signature TSIG, BIND always checks it. If the TSIG contains an invalid value in the algorith...

[ASA-202505-14] bind: denial of service

Arch Linux Security Advisory ASA-202505-14 ========================================== Severity: High Date : 2025-05-21 CVE-ID : CVE-2025-40775 Package : bind Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-2881 Summary ======= The package bind before version 9.20.9...

Ubuntu 24.10 / 25.04 : Bind vulnerability (USN-7526-1)

The remote Ubuntu 24.10 / 25.04 host has packages installed that are affected by a vulnerability as referenced in the USN-7526-1 advisory. It was discovered that Bind incorrectly handled certain DNS messages with invalid TSIG. A remote attacker could possibly use this issue to cause Bind to crash...

ISC BIND DoS Vulnerability (CVE-2025-40775) - Linux

ISC BIND is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:isc:bind"; if...

ISC BIND DoS Vulnerability (CVE-2025-40775) - Windows

ISC BIND is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:isc:bind"; if...

UBUNTU-CVE-2025-40775

When an incoming DNS protocol message includes a Transaction Signature TSIG, BIND always checks it. If the TSIG contains an invalid value in the algorithm field, BIND immediately aborts with an assertion failure. This issue affects BIND 9 versions 9.20.0 through 9.20.8 and 9.21.0 through 9.21.7...

CVE-2025-44896

FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the bindEditMACName parameter in the webaclbindEditpost function...

Security Bulletin: AIX/VIOS is vulnerable to a denial of service due to ISC BIND

Summary Vulnerabilities in ISC BIND could allow a remote attacker to cause a denial of service CVE-2024-12705, CVE-2024-11187. AIX uses ISC BIND as as part of its DNS functions. Vulnerability Details CVEID:CVE-2024-12705 DESCRIPTION: Clients using DNS-over-HTTPS DoH can exhaust a DNS resolver's C...

AIX is vulnerable to a denial of service due to ISC BIND

IBM SECURITY ADVISORY First Issued: Tue May 20 08:16:08 CDT 2025 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/bindadvisory28.asc Security Bulletin: AIX is vulnerable to a denial of service due to ISC BIND...

CVE-2025-44896

FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the bindEditMACName parameter in the webaclbindEditpost function...

Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2025-1394)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2025-1384)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 2.12.0 : dhcp (EulerOS-SA-2025-1576)

According to the versions of the dhcp package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname of any RTYPE can suffer fr...

EulerOS Virtualization 2.12.1 : dhcp (EulerOS-SA-2025-1560)

According to the versions of the dhcp package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname of any RTYPE can suffer fr...

Alibaba Cloud Linux 3 : 0067: bind (ALINUX3-SA-2024:0067)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2024:0067 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2022-3094: Sending a flood of dynamic DNS updat...

Alibaba Cloud Linux 3 : 0167: bind (ALINUX3-SA-2024:0167)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2024:0167 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2024-1737: Resolver caches and...