CVE-2025-40775

CVE-2025-40775

Name

CVE-2025-40775

Description

When an incoming DNS protocol message includes a Transaction Signature (TSIG), BIND always checks it. If the TSIG contains an invalid value in the algorithm field, BIND immediately aborts with an assertion failure. This issue affects BIND 9 versions 9.20.0 through 9.20.8 and 9.21.0 through 9.21.7.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
vendor-advisory	https://kb.isc.org/docs/cve-2025-40775
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2025/05/21/1
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20250523-0001/

Type

URI

vendor-advisory

https://kb.isc.org/docs/cve-2025-40775

af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2025/05/21/1

af854a3a-2127-422b-91ae-364da2661108

https://security.netapp.com/advisory/ntap-20250523-0001/

CPE URI	Source package	Min version	Max version
	bind-9	>= 9.20.0	<= 9.20.8
	bind-9	>= 9.21.0	<= 9.21.7

CPE URI

Source package

Min version

Max version

bind-9

>= 9.20.0

<= 9.20.8

bind-9

>= 9.21.0

<= 9.21.7

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
bind	edge-main	9.20.9-r0	Mike Crute <mike@crute.us>	fixed
bind	3.22-main	9.20.9-r0	None	fixed
bind	3.21-main	9.18.37-r0	Mike Crute <mike@crute.us>	fixed
bind	3.20-main	9.18.37-r0	Mike Crute <mike@crute.us>	fixed
bind	3.19-main	9.18.37-r0	Mike Crute <mike@crute.us>	fixed
bind	3.18-main	9.18.37-r0	Mike Crute <mike@crute.us>	fixed

Source package

Branch

Version

Maintainer

Status

bind

edge-main

9.20.9-r0

Mike Crute <mike@crute.us>

fixed

bind

3.22-main