INFSA-2025:19835: bind security update
Information about definition
Identificator: INFSA-2025:19835
Type: security
Release date: 2025-11-07 21:31:07 UTC
Information about package
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.
Vulnerabilities description
- CVE-2025-40778
A vulnerability exists in BIND’s DNS resolver logic that makes it overly permissive when accepting resource records (RRs) in responses. Under certain conditions, this flaw allows attackers to inject unsolicited or forged DNS records into the cache. This can be exploited to poison the resolver cache, redirecting clients to malicious domains or unauthorized servers.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2025-40778
|
no information | 8.6 | no information |
Updated packages
Preparing to download...