Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2025-40780

Опубликовано: 22 окт. 2025
Источник: debian
EPSS Низкий

Описание

In specific circumstances, due to a weakness in the Pseudo Random Number Generator (PRNG) that is used, it is possible for an attacker to predict the source port and query ID that BIND will use. This issue affects BIND 9 versions 9.16.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.16.8-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
bind9fixed1:9.20.15-1package

Примечания

  • https://kb.isc.org/docs/cve-2025-40780

  • Fixed by: https://gitlab.isc.org/isc-projects/bind9/-/commit/2924910eeea5c86720149bc48d799ccb69e59797 (v9.20.15)

  • Fixed by: https://gitlab.isc.org/isc-projects/bind9/-/commit/26c77915d52a577be6f421fd351506c29185ab97 (v9.20.15)

  • Fixed by: https://gitlab.isc.org/isc-projects/bind9/-/commit/8330b49fb90bfeae14b47b7983e9459cc2bbaffe (v9.18.41)

EPSS

Процентиль: 4%
0.00019
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2025-40780

CVSS3: 8.6
ubuntu
19 дней назад

In specific circumstances, due to a weakness in the Pseudo Random Number Generator (PRNG) that is used, it is possible for an attacker to predict the source port and query ID that BIND will use. This issue affects BIND 9 versions 9.16.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.16.8-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1.

nvd логотип

CVE-2025-40780

CVSS3: 8.6
nvd
19 дней назад

In specific circumstances, due to a weakness in the Pseudo Random Number Generator (PRNG) that is used, it is possible for an attacker to predict the source port and query ID that BIND will use. This issue affects BIND 9 versions 9.16.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.16.8-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1.

msrc логотип

CVE-2025-40780

msrc
16 дней назад

Cache poisoning due to weak PRNG

github логотип

GHSA-j3w4-m6qj-vmm5

CVSS3: 8.6
github
19 дней назад

In specific circumstances, due to a weakness in the Pseudo Random Number Generator (PRNG) that is used, it is possible for an attacker to predict the source port and query ID that BIND will use. This issue affects BIND 9 versions 9.16.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.16.8-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1.

oracle-oval логотип

ELSA-2025-19793

oracle-oval
5 дней назад

ELSA-2025-19793: bind9.16 security update (IMPORTANT)

EPSS

Процентиль: 4%
0.00019
Низкий