DEBIAN-CVE-2025-40778

See a problem?
Please try reporting it to the source first.
Source
https://security-tracker.debian.org/tracker/CVE-2025-40778
Import Source
https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-40778.json
JSON Data
https://api.osv.dev/v1/vulns/DEBIAN-CVE-2025-40778
Upstream
  • CVE-2025-40778
Downstream
Published
2025-10-22T16:15:42Z
Modified
2025-10-25T05:03:45.343758Z
Severity
  • 8.6 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N CVSS Calculator
Summary
[none]
Details

Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject forged data into the cache. This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1.

References

Affected packages

Debian:11 / bind9

Package

Name
bind9
Purl
pkg:deb/debian/bind9?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1:9.*

1:9.16.15-1
1:9.16.21-1
1:9.16.21-1+hurd.1
1:9.16.22-1~deb11u1~bpo10+1
1:9.16.22-1~deb11u1
1:9.16.27-1~deb11u1~bpo10+1
1:9.16.27-1~deb11u1
1:9.16.33-1~deb11u1
1:9.16.37-1~deb11u1
1:9.16.42-1~deb11u1
1:9.16.44-1~deb11u1
1:9.16.48-1
1:9.16.50-1~deb11u1
1:9.16.50-1~deb11u2
1:9.16.50-1~deb11u3
1:9.17.19-1
1:9.17.19-2
1:9.17.19-3
1:9.17.20-2
1:9.17.20-3
1:9.17.21-1
1:9.17.22-1
1:9.18.0~0+git28350c-1
1:9.18.0-1
1:9.18.0-2
1:9.18.1-1
1:9.18.2-1
1:9.18.3-1
1:9.18.4-1
1:9.18.4-2~bpo11+1
1:9.18.4-2
1:9.18.6-1
1:9.18.6-2
1:9.18.7-1
1:9.18.8-1~bpo11+1
1:9.18.8-1
1:9.18.10-1
1:9.18.10-2~bpo11+1
1:9.18.10-2
1:9.18.11-1
1:9.18.11-2~bpo11+1
1:9.18.11-2
1:9.18.12-1~bpo11+1
1:9.18.12-1
1:9.18.13-1
1:9.18.16-1~deb12u1~bpo11+1
1:9.18.16-1~deb12u1
1:9.18.16-1
1:9.18.19-1~deb12u1~bpo11+1
1:9.18.19-1~deb12u1
1:9.18.24-1~bpo11+1
1:9.18.24-1
1:9.18.28-1~deb12u1
1:9.18.28-1~deb12u2
1:9.18.33-1~deb12u2
1:9.18.41-1~deb12u1
1:9.19.6-1
1:9.19.6-2
1:9.19.10-1
1:9.19.11-1
1:9.19.14-1
1:9.19.17-1
1:9.19.19-1
1:9.19.21-1
1:9.19.24-2
1:9.19.24-185-g392e7199df2-1
1:9.20.0-1
1:9.20.0-2
1:9.20.1-1
1:9.20.2-1
1:9.20.3-1
1:9.20.4-2
1:9.20.4-3
1:9.20.4-4
1:9.20.5-1
1:9.20.7-1
1:9.20.8-1
1:9.20.8-2
1:9.20.8-3
1:9.20.8-4
1:9.20.8-5
1:9.20.8-6
1:9.20.9-1
1:9.20.9-2
1:9.20.10-1
1:9.20.11-1
1:9.20.11-2
1:9.20.11-3
1:9.20.11-4~bpo12+1
1:9.20.11-4
1:9.20.15-1~deb13u1
1:9.20.15-1
1:9.21.0-1
1:9.21.1-1
1:9.21.3-1
1:9.21.6-1
1:9.21.7-1
1:9.21.9-1
1:9.21.10-1
1:9.21.10-2
1:9.21.10-4
1:9.21.10-5
1:9.21.10-6
1:9.21.10-7
1:9.21.10-8
1:9.21.10-9
1:9.21.10-10
1:9.21.14-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:12 / bind9

Package

Name
bind9
Purl
pkg:deb/debian/bind9?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:9.18.41-1~deb12u1

Affected versions

1:9.*

1:9.18.12-1
1:9.18.13-1
1:9.18.16-1~deb12u1~bpo11+1
1:9.18.16-1~deb12u1
1:9.18.16-1
1:9.18.19-1~deb12u1~bpo11+1
1:9.18.19-1~deb12u1
1:9.18.24-1~bpo11+1
1:9.18.24-1
1:9.18.28-1~deb12u1
1:9.18.28-1~deb12u2
1:9.18.33-1~deb12u2

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:13 / bind9

Package

Name
bind9
Purl
pkg:deb/debian/bind9?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:9.20.15-1~deb13u1

Affected versions

1:9.*

1:9.20.11-4

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:14 / bind9

Package

Name
bind9
Purl
pkg:deb/debian/bind9?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:9.20.15-1

Affected versions

1:9.*

1:9.20.11-4
1:9.20.15-1~deb13u1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}