Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2025-40780

Опубликовано: 22 окт. 2025
Источник: debian
EPSS Низкий

Описание

In specific circumstances, due to a weakness in the Pseudo Random Number Generator (PRNG) that is used, it is possible for an attacker to predict the source port and query ID that BIND will use. This issue affects BIND 9 versions 9.16.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.16.8-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
bind9fixed1:9.20.15-1package

Примечания

  • https://kb.isc.org/docs/cve-2025-40780

  • Fixed by: https://gitlab.isc.org/isc-projects/bind9/-/commit/2924910eeea5c86720149bc48d799ccb69e59797 (v9.20.15)

  • Fixed by: https://gitlab.isc.org/isc-projects/bind9/-/commit/26c77915d52a577be6f421fd351506c29185ab97 (v9.20.15)

  • Fixed by: https://gitlab.isc.org/isc-projects/bind9/-/commit/8330b49fb90bfeae14b47b7983e9459cc2bbaffe (v9.18.41)

EPSS

Процентиль: 5%
0.0002
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2025-40780

CVSS3: 8.6
ubuntu
5 месяцев назад

In specific circumstances, due to a weakness in the Pseudo Random Number Generator (PRNG) that is used, it is possible for an attacker to predict the source port and query ID that BIND will use. This issue affects BIND 9 versions 9.16.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.16.8-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1.

redhat логотип

CVE-2025-40780

CVSS3: 8.6
redhat
5 месяцев назад

In specific circumstances, due to a weakness in the Pseudo Random Number Generator (PRNG) that is used, it is possible for an attacker to predict the source port and query ID that BIND will use. This issue affects BIND 9 versions 9.16.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.16.8-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1.

nvd логотип

CVE-2025-40780

CVSS3: 8.6
nvd
5 месяцев назад

In specific circumstances, due to a weakness in the Pseudo Random Number Generator (PRNG) that is used, it is possible for an attacker to predict the source port and query ID that BIND will use. This issue affects BIND 9 versions 9.16.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.16.8-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1.

msrc логотип

CVE-2025-40780

CVSS3: 8.6
msrc
5 месяцев назад

Cache poisoning due to weak PRNG

github логотип

GHSA-j3w4-m6qj-vmm5

CVSS3: 8.6
github
5 месяцев назад

In specific circumstances, due to a weakness in the Pseudo Random Number Generator (PRNG) that is used, it is possible for an attacker to predict the source port and query ID that BIND will use. This issue affects BIND 9 versions 9.16.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.16.8-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1.

EPSS

Процентиль: 5%
0.0002
Низкий