CVE-2025-40775

When an incoming DNS protocol message includes a Transaction Signature (TSIG), BIND always checks it. If the TSIG contains an invalid value in the algorithm field, BIND immediately aborts with an assertion failure. This issue affects BIND 9 versions 9.20.0 through 9.20.8 and 9.21.0 through 9.21.7.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://kb.isc.org/docs/cve-2025-40775
http://www.openwall.com/lists/oss-security/2025/05/21/1
https://security.netapp.com/advisory/ntap-20250523-0001/

Configurations

No configuration.

History

23 May 2025, 14:15

Type	Values Removed	Values Added
Summary		(es) Cuando un mensaje entrante del protocolo DNS incluye una Firma de Transacción (TSIG), BIND siempre la comprueba. Si la TSIG contiene un valor no válido en el campo de algoritmo, BIND cancela inmediatamente la operación con un error de aserción. Este problema afecta a las versiones de BIND 9, de la 9.20.0 a la 9.20.8 y de la 9.21.0 a la 9.21.7.
References		() https://security.netapp.com/advisory/ntap-20250523-0001/ -

21 May 2025, 15:16

Type	Values Removed	Values Added
References		() http://www.openwall.com/lists/oss-security/2025/05/21/1 -

21 May 2025, 13:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-21 13:16

Updated : 2025-05-23 14:15

NVD link : CVE-2025-40775

Mitre link : CVE-2025-40775

CVE.ORG link : CVE-2025-40775

JSON object : View

Products Affected

No product.

CWE

CWE-232

Improper Handling of Undefined Values

7.5 /10