CVE-2025-8677

CVSS v2.0

7.8

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions BIND versions 9.18.0 through 9.18.39 BIND versions 9.20.0 through 9.20.13 BIND versions 9.21.0 through 9.21.12 BIND versions 9.18.11-S1 through 9.18.39-S1 BIND versions 9.20.9-S1 through 9.20.13-S1

Description Querying for records within a specially crafted zone containing certain malformed DNSKEY records can lead to CPU exhaustion.

Recommendations Update BIND to a version later than 9.18.39. Update BIND to a version later than 9.20.13. Update BIND to a version later than 9.21.12. Update BIND to a version later than 9.18.39-S1. Update BIND to a version later than 9.20.13-S1.

Fix

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400CWE-405

Related Identifiers

ALSA-2025:19912

ALSA-2025:19950

ALSA-2025:21034

ALSA-2025:21111

ALT-PU-2025-13369

BDU:2025-14392

CESA-2025_19835

CVE-2025-8677

DLA-4364-1

DSA-6033-1

INFSA-2025_21111

MGASA-2025-0254

OESA-2025-2654

RHSA-2025:19912

RHSA-2025:19950

RHSA-2025:21034

RHSA-2025:21111

RHSA-2025_19835

RHSA-2025_19950

RHSA-2025_21111

SUSE-SU-2025:4110-1

USN-7836-1

USN-7836-2

Affected Products

Alt Linux

Almalinux

Bind

Centos

Ibm Aix

Linuxmint

Red Hat

Red Os

Rocky Linux

Suse

Ubuntu

CVE-2025-8677

Weakness Enumeration

Related Identifiers

Affected Products

References · 73