PT-2025-29873 · Isc+3 · Bind+3

Published: 2025-07-16 · Updated: 2025-11-10 · CVE-2025-40777

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions

BIND versions 9.20.0 through 9.20.10
BIND versions 9.21.0 through 9.21.9
BIND versions 9.20.9-S1 through 9.20.10-S1

Description

If a named caching resolver is configured with serve-stale-enable set to yes, and with stale-answer-client-timeout set to 0, and if the resolver encounters a CNAME chain involving a specific combination of cached or authoritative records, the daemon will abort with an assertion failure.

Recommendations

Update BIND to a version beyond 9.20.10, 9.21.9, and 9.20.10-S1.
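The following check is an added example, not part of the original advisory or ISC's code: it tests a BIND version string against the affected ranges listed above and scans named.conf text for the two settings named in the description. It assumes serve-stale-enable refers to named.conf's stale-answer-enable option and matches either name; the function names and the sample configuration are constructed for illustration.

```python
import re

# Affected ranges listed on this page: (first, last, is -S edition), inclusive.
AFFECTED = [((9, 20, 0), (9, 20, 10), False),
            ((9, 21, 0), (9, 21, 9), False),
            ((9, 20, 9), (9, 20, 10), True)]
# First name is as written in the description; the second is an assumption
# that the description means named.conf's stale-answer-enable option.
ENABLE_OPTS = ("serve-stale-enable", "stale-answer-enable")
TRUE_VALUES = {"yes", "true", "1"}  # boolean spellings named accepts

def version_affected(version):
    """True if e.g. 'BIND 9.20.10-S1' falls inside a listed range."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)(-S\d+)?", version)
    if not m:
        raise ValueError(f"unrecognised BIND version: {version!r}")
    nums = tuple(int(g) for g in m.group(1, 2, 3))
    is_s = m.group(4) is not None
    return any(lo <= nums <= hi and s == is_s for lo, hi, s in AFFECTED)

def strip_comments(conf):
    """Remove /* */, // and # comments (quoted strings are not handled)."""
    conf = re.sub(r"/\*.*?\*/", " ", conf, flags=re.S)
    return re.sub(r"(//|#).*", " ", conf)

def option_values(conf, name):
    """Every value given as `name <value>;` anywhere in the file."""
    pat = r"(?<![\w-])" + re.escape(name) + r"\s+([^\s;]+)\s*;"
    return [v.strip('"').lower() for v in re.findall(pat, strip_comments(conf))]

def config_exposed(conf):
    """Conservative: both settings present anywhere (options or any view)."""
    enabled = any(v in TRUE_VALUES for n in ENABLE_OPTS
                  for v in option_values(conf, n))
    timeout_zero = "0" in option_values(conf, "stale-answer-client-timeout")
    return enabled and timeout_zero

def exposed(version, conf):
    return version_affected(version) and config_exposed(conf)

# Constructed sample configuration, not taken from a real server.
SAMPLE = """
options {
    // stale-answer-client-timeout off;
    serve-stale-enable yes;
    stale-answer-client-timeout 0;
};
"""
print(exposed("9.20.10", SAMPLE))
```

Distribution packages can carry the fix under an older upstream version number, so the version test reflects upstream release numbers only; confirm against the vendor advisory for packaged builds.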

Fix

Assertion Failure

Weakness Enumeration

Related Identifiers

AZL-65553
CVE-2025-40777
OPENSUSE-SU-2025:15354-1
SUSE-SU-2025:02349-1
SUSE-SU-2025_02349-1
USN-7641-1

Affected Products

Bind
Debian
Suse
Ubuntu