Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2025-40778

Опубликовано: 22 окт. 2025
Источник: debian
EPSS Низкий

Описание

Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject forged data into the cache. This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
bind9fixed1:9.20.15-1package

Примечания

  • https://kb.isc.org/docs/cve-2025-40778

  • Fixed by: https://gitlab.isc.org/isc-projects/bind9/-/commit/196732041318b931b6fa97f18077117b3b548d18 (v9.20.15)

  • Fixed by: https://gitlab.isc.org/isc-projects/bind9/-/commit/ab97f6e9f4405b61ba2051363104fc812cac5270 (v9.20.15)

  • Fixed by: https://gitlab.isc.org/isc-projects/bind9/-/commit/a266f329e908313c5669a45751bd1cd84f3bd95b (v9.20.15)

  • Fixed by: https://gitlab.isc.org/isc-projects/bind9/-/commit/025d61bacd0f57f994a631654aff7a933d89a547 (v9.18.41)

  • Fixed by: https://gitlab.isc.org/isc-projects/bind9/-/commit/cd17dfe696cdf9b8ef23fbc8738de7c79f957846 (v9.18.41)

  • Fixed by: https://gitlab.isc.org/isc-projects/bind9/-/commit/4c6d03b0bb2ffbafcde8e8a5bc0e49908b978a72 (v9.18.41)

EPSS

Процентиль: 0%
0.00008
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2025-40778

CVSS3: 8.6
ubuntu
19 дней назад

Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject forged data into the cache. This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1.

nvd логотип

CVE-2025-40778

CVSS3: 8.6
nvd
19 дней назад

Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject forged data into the cache. This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1.

msrc логотип

CVE-2025-40778

msrc
16 дней назад

Cache poisoning attacks with unsolicited RRs

suse-cvrf логотип

SUSE-SU-2025:3976-1

suse-cvrf
4 дня назад

Security update for bind

github логотип

GHSA-xmqp-6cj2-2hh3

CVSS3: 8.6
github
19 дней назад

Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject forged data into the cache. This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1.

EPSS

Процентиль: 0%
0.00008
Низкий