{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-40775", "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22", "state": "PUBLISHED", "assignerShortName": "isc", "dateReserved": "2025-04-16T08:44:49.856Z", "datePublished": "2025-05-21T12:35:01.862Z", "dateUpdated": "2025-05-23T13:11:08.588Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "404fd4d2-a609-4245-b543-2c944a302a22", "shortName": "isc", "dateUpdated": "2025-05-21T12:35:01.862Z"}, "title": "DNS message with invalid TSIG causes an assertion failure", "datePublic": "2025-05-21T00:00:00.000Z", "affected": [{"vendor": "ISC", "product": "BIND 9", "versions": [{"version": "9.20.0", "lessThanOrEqual": "9.20.8", "status": "affected", "versionType": "custom"}, {"version": "9.21.0", "lessThanOrEqual": "9.21.7", "status": "affected", "versionType": "custom"}], "defaultStatus": "unaffected"}], "metrics": [{"cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-232", "description": "CWE-232 Improper Handling of Undefined Values"}]}], "descriptions": [{"lang": "en", "value": "When an incoming DNS protocol message includes a Transaction Signature (TSIG), BIND always checks it. If the TSIG contains an invalid value in the algorithm field, BIND immediately aborts with an assertion failure.\nThis issue affects BIND 9 versions 9.20.0 through 9.20.8 and 9.21.0 through 9.21.7."}], "impacts": [{"descriptions": [{"lang": "en", "value": "Denial-of-service. By sending specific messages to the server, an attacker can cause `named` to terminate unexpectedly."}]}], "workarounds": [{"lang": "en", "value": "No workarounds known."}], "exploits": [{"lang": "en", "value": "This flaw was discovered in internal testing. We are not aware of any active exploits."}], "solutions": [{"lang": "en", "value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.20.9 or 9.21.8."}], "references": [{"url": "https://kb.isc.org/docs/cve-2025-40775", "name": "CVE-2025-40775", "tags": ["vendor-advisory"]}], "source": {"discovery": "INTERNAL"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-21T13:19:58.662181Z", "id": "CVE-2025-40775", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-21T13:20:18.795Z"}}, {"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2025/05/21/1"}, {"url": "https://security.netapp.com/advisory/ntap-20250523-0001/"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-05-23T13:11:08.588Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2025/05/21/1"}, {"url": "https://security.netapp.com/advisory/ntap-20250523-0001/"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-05-23T13:11:08.588Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-40775", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-21T13:19:58.662181Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-21T13:19:27.982Z"}}], "cna": {"title": "DNS message with invalid TSIG causes an assertion failure", "source": {"discovery": "INTERNAL"}, "impacts": [{"descriptions": [{"lang": "en", "value": "Denial-of-service. By sending specific messages to the server, an attacker can cause `named` to terminate unexpectedly."}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "ISC", "product": "BIND 9", "versions": [{"status": "affected", "version": "9.20.0", "versionType": "custom", "lessThanOrEqual": "9.20.8"}, {"status": "affected", "version": "9.21.0", "versionType": "custom", "lessThanOrEqual": "9.21.7"}], "defaultStatus": "unaffected"}], "exploits": [{"lang": "en", "value": "This flaw was discovered in internal testing. We are not aware of any active exploits."}], "solutions": [{"lang": "en", "value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.20.9 or 9.21.8."}], "datePublic": "2025-05-21T00:00:00.000Z", "references": [{"url": "https://kb.isc.org/docs/cve-2025-40775", "name": "CVE-2025-40775", "tags": ["vendor-advisory"]}], "workarounds": [{"lang": "en", "value": "No workarounds known."}], "descriptions": [{"lang": "en", "value": "When an incoming DNS protocol message includes a Transaction Signature (TSIG), BIND always checks it. If the TSIG contains an invalid value in the algorithm field, BIND immediately aborts with an assertion failure.\nThis issue affects BIND 9 versions 9.20.0 through 9.20.8 and 9.21.0 through 9.21.7."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-232", "description": "CWE-232 Improper Handling of Undefined Values"}]}], "providerMetadata": {"orgId": "404fd4d2-a609-4245-b543-2c944a302a22", "shortName": "isc", "dateUpdated": "2025-05-21T12:35:01.862Z"}}}, "cveMetadata": {"cveId": "CVE-2025-40775", "state": "PUBLISHED", "dateUpdated": "2025-05-23T13:11:08.588Z", "dateReserved": "2025-04-16T08:44:49.856Z", "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22", "datePublished": "2025-05-21T12:35:01.862Z", "assignerShortName": "isc"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "When an incoming DNS protocol message includes a Transaction Signature (TSIG), BIND always checks it. If the TSIG contains an invalid value in the algorithm field, BIND immediately aborts with an assertion failure.\nThis issue affects BIND 9 versions 9.20.0 through 9.20.8 and 9.21.0 through 9.21.7."}, {"lang": "es", "value": "Cuando un mensaje entrante del protocolo DNS incluye una Firma de Transacci\u00f3n (TSIG), BIND siempre la comprueba. Si la TSIG contiene un valor no v\u00e1lido en el campo de algoritmo, BIND cancela inmediatamente la operaci\u00f3n con un error de aserci\u00f3n. Este problema afecta a las versiones de BIND 9, de la 9.20.0 a la 9.20.8 y de la 9.21.0 a la 9.21.7."}], "id": "CVE-2025-40775", "lastModified": "2025-05-23T14:15:28.880", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-officer@isc.org", "type": "Secondary"}]}, "published": "2025-05-21T13:16:02.623", "references": [{"source": "security-officer@isc.org", "url": "https://kb.isc.org/docs/cve-2025-40775"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2025/05/21/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20250523-0001/"}], "sourceIdentifier": "security-officer@isc.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-232"}], "source": "security-officer@isc.org", "type": "Secondary"}]}

{"bugzilla": {"description": "bind: DNS message with invalid TSIG causes an assertion failure", "id": "2367442", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367442"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-617", "details": ["When an incoming DNS protocol message includes a Transaction Signature (TSIG), BIND always checks it. If the TSIG contains an invalid value in the algorithm field, BIND immediately aborts with an assertion failure.\nThis issue affects BIND 9 versions 9.20.0 through 9.20.8 and 9.21.0 through 9.21.7.", "An assertion failure vulnerability was found in the BIND package. When an incoming DNS protocol message includes a Transaction Signature (TSIG), BIND always checks it. If the TSIG contains an invalid value in the algorithm field, BIND immediately aborts with an assertion failure. By sending specific messages to the server, an attacker can cause named to terminate unexpectedly, causing a denial of service."], "mitigation": {"lang": "en:us", "value": "Mitigation is either unavailable or does not meet Red Hat Product Security standards for usability, deployment, applicability, or stability."}, "name": "CVE-2025-40775", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "bind", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "bind", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "bind", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "bind", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "bind9.16", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "bind", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "bind9.18", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "dhcp", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "rhcos", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2025-05-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-40775\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-40775"], "statement": "No Red Hat products or offerings are affected by this vulnerability as the affected code is not used in Red Hat systems.\nAlthough Red Hat does not ship this vulnerable code, we rated the impact of this vulnerability for the upstream community users marked as Important rather than a Moderate flaw because it triggers an assertion failure within BIND's core DNS handling logic, specifically in the TSIG validation path. Unlike typical input validation errors, which might allow an attacker to manipulate a single query's processing, this bug results in a complete and immediate crash of the named daemon. Since both authoritative servers and resolvers perform TSIG verification, the vulnerability can be exploited remotely by an unauthenticated attacker to cause repeated service outages, effectively disrupting DNS resolution for entire domains or networks.", "threat_severity": "Important"}