CVE-2025-40775

Summary

When an incoming DNS protocol message includes a Transaction Signature (TSIG), BIND always checks it. If the TSIG contains an invalid value in the algorithm field, BIND immediately aborts with an assertion failure. This issue affects BIND 9 versions 9.20.0 through 9.20.8 and 9.21.0 through 9.21.7.

Affected Software

VendorProductVersion RangeStatus
ISCBIND 99.20.0 <= 9.20.8affected
ISCBIND 99.21.0 <= 9.21.7affected

Weaknesses

  • CWE-232: CWE-232 Improper Handling of Undefined Values

Workarounds

No workarounds known.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

CVE Program Container

Additional References

References