CVE-2025-40778

Published: 22 Oct 2025
Source: ubuntu
Priority: medium
EPSS: Low
CVSS3: 8.6

Description

Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject forged data into the cache. This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1.

| Release | Status | Note |
|---|---|---|
| devel | released | 1:9.20.11-1ubuntu3 |
| esm-infra-legacy/trusty | needs-triage | |
| esm-infra/bionic | needed | |
| esm-infra/focal | needed | |
| esm-infra/xenial | needs-triage | |
| jammy | released | 1:9.18.39-0ubuntu0.22.04.2 |
| noble | released | 1:9.18.39-0ubuntu0.24.04.2 |
| plucky | released | 1:9.20.11-0ubuntu0.2 |
| questing | released | 1:9.20.11-1ubuntu2.1 |
| upstream | released | 9.18.41,9.20.15,9.21.14 |


| Release | Status | Note |
|---|---|---|
| devel | DNE | |
| esm-infra/focal | needs-triage | |
| jammy | needs-triage | |
| noble | DNE | |
| plucky | DNE | |
| questing | DNE | |
| upstream | needs-triage | |


| Release | Status | Note |
|---|---|---|
| devel | needs-triage | |
| esm-apps/noble | needs-triage | |
| esm-infra-legacy/trusty | not-affected | code not present |
| esm-infra/bionic | needs-triage | |
| esm-infra/focal | not-affected | code not present |
| esm-infra/xenial | not-affected | code not present |
| jammy | not-affected | code not present |
| noble | needs-triage | |
| plucky | needs-triage | |
| questing | needs-triage | |


EPSS

Percentile: 0%
0.00008
Low

CVSS3

8.6 High

Related vulnerabilities

CVSS3: 8.6
nvd
19 days ago

Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject forged data into the cache. This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1.

msrc
16 days ago

Cache poisoning attacks with unsolicited RRs

CVSS3: 8.6
debian
19 days ago

Under certain circumstances, BIND is too lenient when accepting record ...

CVSS3: 8.6
github
19 days ago

Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject forged data into the cache. This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1.

oracle-oval
5 days ago

ELSA-2025-19835: bind security update (IMPORTANT)
