Import Source
https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-68742.json
JSON Data
https://api.osv.dev/v1/vulns/AZL-68742
Upstream
  • CVE-2025-8677
Published
2025-10-22T16:15:46Z
Modified
2026-04-21T04:38:29.093112Z
Summary
CVE-2025-8677 affecting package bind for versions less than 9.20.15-1
Details

Querying for records within a specially crafted zone containing certain malformed DNSKEY records can lead to CPU exhaustion. This issue affects BIND 9 versions 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1.

References

Affected packages

Azure Linux:3 / bind

Package

Name
bind
Purl
pkg:rpm/azure-linux/bind

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
9.20.15-1

Database specific

source
"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-68742.json"