CVE-2025-40777
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
If a named caching resolver is configured with serve-stale-enable yes, and with stale-answer-client-timeout set to 0 (the only allowable value other than disabled), and if the resolver, in the process of resolving a query, encounters a CNAME chain involving a specific combination of cached or authoritative records, the daemon will abort with an assertion failure.
This issue affects BIND 9 versions 9.20.0 through 9.20.10, 9.21.0 through 9.21.9, and 9.20.9-S1 through 9.20.10-S1.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| ISC | BIND 9 | 9.20.0 <= 9.20.10 | affected |
| ISC | BIND 9 | 9.21.0 <= 9.21.9 | affected |
| ISC | BIND 9 | 9.20.9-S1 <= 9.20.10-S1 | affected |
| ISC | BIND 9 | 9.18.0 <= 9.18.37 | unaffected |
| ISC | BIND 9 | 9.18.11-S1 <= 9.18.37-S1 | unaffected |
Weaknesses
- CWE-617: CWE-617 Reachable Assertion
Workarounds
Setting either of stale-answer-client-timeout off; or stale-answer-enable no; in the configuration file will prevent the assertion.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.