7.5
CVE-2025-40777
- EPSS 0.02%
- Veröffentlicht 16.07.2025 17:38:06
- Zuletzt bearbeitet 17.07.2025 21:15:50
- Quelle security-officer@isc.org
- Teams Watchlist Login
- Unerledigt Login
If a `named` caching resolver is configured with `serve-stale-enable` `yes`, and with `stale-answer-client-timeout` set to `0` (the only allowable value other than `disabled`), and if the resolver, in the process of resolving a query, encounters a CNAME chain involving a specific combination of cached or authoritative records, the daemon will abort with an assertion failure. This issue affects BIND 9 versions 9.20.0 through 9.20.10, 9.21.0 through 9.21.9, and 9.20.9-S1 through 9.20.10-S1.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerISC
≫
Produkt
BIND 9
Default Statusunaffected
Version <=
9.20.10
Version
9.20.0
Status
affected
Version <=
9.21.9
Version
9.21.0
Status
affected
Version <=
9.20.10-S1
Version
9.20.9-S1
Status
affected
Version <=
9.18.37
Version
9.18.0
Status
unaffected
Version <=
9.18.37-S1
Version
9.18.11-S1
Status
unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.043 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security-officer@isc.org | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
CWE-617 Reachable Assertion
The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.