Vulnerability-Lookup

OPENSUSE-SU-2026:20039-1

Vulnerability from csaf_opensuse - Published: 2026-01-15 10:43 - Updated: 2026-01-15 10:43

Summary

Security update for bind

Notes

Title of the patch

Security update for bind

Description of the patch

This update for bind fixes the following issues: - Upgrade to release 9.20.15 Security Fixes: * CVE-2025-40778: Fixed cache poisoning attacks with unsolicited RRs (bsc#1252379) * CVE-2025-40780: Fixed cache poisoning due to weak PRNG (bsc#1252380) * CVE-2025-8677: Fixed resource exhaustion via malformed DNSKEY handling (bsc#1252378) New Features: * Add dnssec-policy keys configuration check to named-checkconf. * Add a new option `manual-mode` to dnssec-policy. * Add a new option `servfail-until-ready` to response-policy zones. * Support for parsing HHIT and BRID records has been added. * Support for parsing DSYNC records has been added. Removed Features: * Deprecate the `tkey-gssapi-credential` statement. * Obsolete the `tkey-domain` statement. Feature Changes: * Add deprecation warnings for RSASHA1, RSASHA1-NSEC3SHA1, and DS digest type 1. Bug Fixes: * Missing DNSSEC information when CD bit is set in query. * rndc sign during ZSK rollover will now replace signatures. * Use signer name when disabling DNSSEC algorithms. * Preserve cache when reload fails and reload the server again. * Prevent spurious SERVFAILs for certain 0-TTL resource records. * Fix unexpected termination if catalog-zones had undefined `default-primaries`. * Stale RRsets in a CNAME chain were not always refreshed. * Add RPZ extended DNS error for zones with a CNAME override policy configured. * Fix dig +keepopen option. * Log dropped or slipped responses in the query-errors category. * Fix synth-from-dnssec not working in some scenarios. * Clean enough memory when adding new ADB names/entries under memory pressure. * Prevent spurious validation failures. * Ensure file descriptors 0-2 are in use before using libuv [bsc#1230649]

Patchnames

openSUSE-Leap-16.0-144

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for bind",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for bind fixes the following issues:\n\n- Upgrade to release 9.20.15\n  Security Fixes:\n  * CVE-2025-40778: Fixed cache poisoning attacks with unsolicited RRs (bsc#1252379)\n  * CVE-2025-40780: Fixed cache poisoning due to weak PRNG (bsc#1252380)\n  * CVE-2025-8677: Fixed resource exhaustion via malformed DNSKEY handling (bsc#1252378)\n\n  New Features:\n  * Add dnssec-policy keys configuration check to named-checkconf.\n  * Add a new option `manual-mode` to dnssec-policy.\n  * Add a new option `servfail-until-ready` to response-policy\n    zones.\n  * Support for parsing HHIT and BRID records has been added.\n  * Support for parsing DSYNC records has been added.\n\n  Removed Features:\n  * Deprecate the `tkey-gssapi-credential` statement.\n  * Obsolete the `tkey-domain` statement.\n\n  Feature Changes:\n  * Add deprecation warnings for RSASHA1, RSASHA1-NSEC3SHA1, and DS\n    digest type 1.\n\n  Bug Fixes:\n  * Missing DNSSEC information when CD bit is set in query.\n  * rndc sign during ZSK rollover will now replace signatures.\n  * Use signer name when disabling DNSSEC algorithms.\n  * Preserve cache when reload fails and reload the server again.\n  * Prevent spurious SERVFAILs for certain 0-TTL resource records.\n  * Fix unexpected termination if catalog-zones had undefined\n    `default-primaries`.\n  * Stale RRsets in a CNAME chain were not always refreshed.\n  * Add RPZ extended DNS error for zones with a CNAME override\n    policy configured.\n  * Fix dig +keepopen option.\n  * Log dropped or slipped responses in the query-errors category.\n  * Fix synth-from-dnssec not working in some scenarios.\n  * Clean enough memory when adding new ADB names/entries under\n    memory pressure.\n  * Prevent spurious validation failures.\n  * Ensure file descriptors 0-2 are in use before using libuv\n    [bsc#1230649]\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Leap-16.0-144",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_20039-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1230649",
        "url": "https://bugzilla.suse.com/1230649"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1252378",
        "url": "https://bugzilla.suse.com/1252378"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1252379",
        "url": "https://bugzilla.suse.com/1252379"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1252380",
        "url": "https://bugzilla.suse.com/1252380"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-40778 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-40778/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-40780 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-40780/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-8677 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-8677/"
      }
    ],
    "title": "Security update for bind",
    "tracking": {
      "current_release_date": "2026-01-15T10:43:49Z",
      "generator": {
        "date": "2026-01-15T10:43:49Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2026:20039-1",
      "initial_release_date": "2026-01-15T10:43:49Z",
      "revision_history": [
        {
          "date": "2026-01-15T10:43:49Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "bind-9.20.15-160000.1.1.aarch64",
                "product": {
                  "name": "bind-9.20.15-160000.1.1.aarch64",
                  "product_id": "bind-9.20.15-160000.1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "bind-modules-bdbhpt-9.20.15-160000.1.1.aarch64",
                "product": {
                  "name": "bind-modules-bdbhpt-9.20.15-160000.1.1.aarch64",
                  "product_id": "bind-modules-bdbhpt-9.20.15-160000.1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "bind-modules-generic-9.20.15-160000.1.1.aarch64",
                "product": {
                  "name": "bind-modules-generic-9.20.15-160000.1.1.aarch64",
                  "product_id": "bind-modules-generic-9.20.15-160000.1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "bind-modules-ldap-9.20.15-160000.1.1.aarch64",
                "product": {
                  "name": "bind-modules-ldap-9.20.15-160000.1.1.aarch64",
                  "product_id": "bind-modules-ldap-9.20.15-160000.1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "bind-modules-mysql-9.20.15-160000.1.1.aarch64",
                "product": {
                  "name": "bind-modules-mysql-9.20.15-160000.1.1.aarch64",
                  "product_id": "bind-modules-mysql-9.20.15-160000.1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "bind-modules-perl-9.20.15-160000.1.1.aarch64",
                "product": {
                  "name": "bind-modules-perl-9.20.15-160000.1.1.aarch64",
                  "product_id": "bind-modules-perl-9.20.15-160000.1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "bind-modules-sqlite3-9.20.15-160000.1.1.aarch64",
                "product": {
                  "name": "bind-modules-sqlite3-9.20.15-160000.1.1.aarch64",
                  "product_id": "bind-modules-sqlite3-9.20.15-160000.1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "bind-utils-9.20.15-160000.1.1.aarch64",
                "product": {
                  "name": "bind-utils-9.20.15-160000.1.1.aarch64",
                  "product_id": "bind-utils-9.20.15-160000.1.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "bind-doc-9.20.15-160000.1.1.noarch",
                "product": {
                  "name": "bind-doc-9.20.15-160000.1.1.noarch",
                  "product_id": "bind-doc-9.20.15-160000.1.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "bind-9.20.15-160000.1.1.ppc64le",
                "product": {
                  "name": "bind-9.20.15-160000.1.1.ppc64le",
                  "product_id": "bind-9.20.15-160000.1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "bind-modules-bdbhpt-9.20.15-160000.1.1.ppc64le",
                "product": {
                  "name": "bind-modules-bdbhpt-9.20.15-160000.1.1.ppc64le",
                  "product_id": "bind-modules-bdbhpt-9.20.15-160000.1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "bind-modules-generic-9.20.15-160000.1.1.ppc64le",
                "product": {
                  "name": "bind-modules-generic-9.20.15-160000.1.1.ppc64le",
                  "product_id": "bind-modules-generic-9.20.15-160000.1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "bind-modules-ldap-9.20.15-160000.1.1.ppc64le",
                "product": {
                  "name": "bind-modules-ldap-9.20.15-160000.1.1.ppc64le",
                  "product_id": "bind-modules-ldap-9.20.15-160000.1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "bind-modules-mysql-9.20.15-160000.1.1.ppc64le",
                "product": {
                  "name": "bind-modules-mysql-9.20.15-160000.1.1.ppc64le",
                  "product_id": "bind-modules-mysql-9.20.15-160000.1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "bind-modules-perl-9.20.15-160000.1.1.ppc64le",
                "product": {
                  "name": "bind-modules-perl-9.20.15-160000.1.1.ppc64le",
                  "product_id": "bind-modules-perl-9.20.15-160000.1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "bind-modules-sqlite3-9.20.15-160000.1.1.ppc64le",
                "product": {
                  "name": "bind-modules-sqlite3-9.20.15-160000.1.1.ppc64le",
                  "product_id": "bind-modules-sqlite3-9.20.15-160000.1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "bind-utils-9.20.15-160000.1.1.ppc64le",
                "product": {
                  "name": "bind-utils-9.20.15-160000.1.1.ppc64le",
                  "product_id": "bind-utils-9.20.15-160000.1.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "bind-9.20.15-160000.1.1.s390x",
                "product": {
                  "name": "bind-9.20.15-160000.1.1.s390x",
                  "product_id": "bind-9.20.15-160000.1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "bind-modules-bdbhpt-9.20.15-160000.1.1.s390x",
                "product": {
                  "name": "bind-modules-bdbhpt-9.20.15-160000.1.1.s390x",
                  "product_id": "bind-modules-bdbhpt-9.20.15-160000.1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "bind-modules-generic-9.20.15-160000.1.1.s390x",
                "product": {
                  "name": "bind-modules-generic-9.20.15-160000.1.1.s390x",
                  "product_id": "bind-modules-generic-9.20.15-160000.1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "bind-modules-ldap-9.20.15-160000.1.1.s390x",
                "product": {
                  "name": "bind-modules-ldap-9.20.15-160000.1.1.s390x",
                  "product_id": "bind-modules-ldap-9.20.15-160000.1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "bind-modules-mysql-9.20.15-160000.1.1.s390x",
                "product": {
                  "name": "bind-modules-mysql-9.20.15-160000.1.1.s390x",
                  "product_id": "bind-modules-mysql-9.20.15-160000.1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "bind-modules-perl-9.20.15-160000.1.1.s390x",
                "product": {
                  "name": "bind-modules-perl-9.20.15-160000.1.1.s390x",
                  "product_id": "bind-modules-perl-9.20.15-160000.1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "bind-modules-sqlite3-9.20.15-160000.1.1.s390x",
                "product": {
                  "name": "bind-modules-sqlite3-9.20.15-160000.1.1.s390x",
                  "product_id": "bind-modules-sqlite3-9.20.15-160000.1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "bind-utils-9.20.15-160000.1.1.s390x",
                "product": {
                  "name": "bind-utils-9.20.15-160000.1.1.s390x",
                  "product_id": "bind-utils-9.20.15-160000.1.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "bind-9.20.15-160000.1.1.x86_64",
                "product": {
                  "name": "bind-9.20.15-160000.1.1.x86_64",
                  "product_id": "bind-9.20.15-160000.1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "bind-modules-bdbhpt-9.20.15-160000.1.1.x86_64",
                "product": {
                  "name": "bind-modules-bdbhpt-9.20.15-160000.1.1.x86_64",
                  "product_id": "bind-modules-bdbhpt-9.20.15-160000.1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "bind-modules-generic-9.20.15-160000.1.1.x86_64",
                "product": {
                  "name": "bind-modules-generic-9.20.15-160000.1.1.x86_64",
                  "product_id": "bind-modules-generic-9.20.15-160000.1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "bind-modules-ldap-9.20.15-160000.1.1.x86_64",
                "product": {
                  "name": "bind-modules-ldap-9.20.15-160000.1.1.x86_64",
                  "product_id": "bind-modules-ldap-9.20.15-160000.1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "bind-modules-mysql-9.20.15-160000.1.1.x86_64",
                "product": {
                  "name": "bind-modules-mysql-9.20.15-160000.1.1.x86_64",
                  "product_id": "bind-modules-mysql-9.20.15-160000.1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "bind-modules-perl-9.20.15-160000.1.1.x86_64",
                "product": {
                  "name": "bind-modules-perl-9.20.15-160000.1.1.x86_64",
                  "product_id": "bind-modules-perl-9.20.15-160000.1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "bind-modules-sqlite3-9.20.15-160000.1.1.x86_64",
                "product": {
                  "name": "bind-modules-sqlite3-9.20.15-160000.1.1.x86_64",
                  "product_id": "bind-modules-sqlite3-9.20.15-160000.1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "bind-utils-9.20.15-160000.1.1.x86_64",
                "product": {
                  "name": "bind-utils-9.20.15-160000.1.1.x86_64",
                  "product_id": "bind-utils-9.20.15-160000.1.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Leap 16.0",
                "product": {
                  "name": "openSUSE Leap 16.0",
                  "product_id": "openSUSE Leap 16.0"
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bind-9.20.15-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:bind-9.20.15-160000.1.1.aarch64"
        },
        "product_reference": "bind-9.20.15-160000.1.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bind-9.20.15-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:bind-9.20.15-160000.1.1.ppc64le"
        },
        "product_reference": "bind-9.20.15-160000.1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bind-9.20.15-160000.1.1.s390x as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:bind-9.20.15-160000.1.1.s390x"
        },
        "product_reference": "bind-9.20.15-160000.1.1.s390x",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bind-9.20.15-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:bind-9.20.15-160000.1.1.x86_64"
        },
        "product_reference": "bind-9.20.15-160000.1.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bind-doc-9.20.15-160000.1.1.noarch as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:bind-doc-9.20.15-160000.1.1.noarch"
        },
        "product_reference": "bind-doc-9.20.15-160000.1.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bind-modules-bdbhpt-9.20.15-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:bind-modules-bdbhpt-9.20.15-160000.1.1.aarch64"
        },
        "product_reference": "bind-modules-bdbhpt-9.20.15-160000.1.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bind-modules-bdbhpt-9.20.15-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:bind-modules-bdbhpt-9.20.15-160000.1.1.ppc64le"
        },
        "product_reference": "bind-modules-bdbhpt-9.20.15-160000.1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bind-modules-bdbhpt-9.20.15-160000.1.1.s390x as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:bind-modules-bdbhpt-9.20.15-160000.1.1.s390x"
        },
        "product_reference": "bind-modules-bdbhpt-9.20.15-160000.1.1.s390x",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bind-modules-bdbhpt-9.20.15-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:bind-modules-bdbhpt-9.20.15-160000.1.1.x86_64"
        },
        "product_reference": "bind-modules-bdbhpt-9.20.15-160000.1.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bind-modules-generic-9.20.15-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:bind-modules-generic-9.20.15-160000.1.1.aarch64"
        },
        "product_reference": "bind-modules-generic-9.20.15-160000.1.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bind-modules-generic-9.20.15-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:bind-modules-generic-9.20.15-160000.1.1.ppc64le"
        },
        "product_reference": "bind-modules-generic-9.20.15-160000.1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bind-modules-generic-9.20.15-160000.1.1.s390x as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:bind-modules-generic-9.20.15-160000.1.1.s390x"
        },
        "product_reference": "bind-modules-generic-9.20.15-160000.1.1.s390x",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bind-modules-generic-9.20.15-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:bind-modules-generic-9.20.15-160000.1.1.x86_64"
        },
        "product_reference": "bind-modules-generic-9.20.15-160000.1.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bind-modules-ldap-9.20.15-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:bind-modules-ldap-9.20.15-160000.1.1.aarch64"
        },
        "product_reference": "bind-modules-ldap-9.20.15-160000.1.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bind-modules-ldap-9.20.15-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:bind-modules-ldap-9.20.15-160000.1.1.ppc64le"
        },
        "product_reference": "bind-modules-ldap-9.20.15-160000.1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bind-modules-ldap-9.20.15-160000.1.1.s390x as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:bind-modules-ldap-9.20.15-160000.1.1.s390x"
        },
        "product_reference": "bind-modules-ldap-9.20.15-160000.1.1.s390x",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bind-modules-ldap-9.20.15-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:bind-modules-ldap-9.20.15-160000.1.1.x86_64"
        },
        "product_reference": "bind-modules-ldap-9.20.15-160000.1.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bind-modules-mysql-9.20.15-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:bind-modules-mysql-9.20.15-160000.1.1.aarch64"
        },
        "product_reference": "bind-modules-mysql-9.20.15-160000.1.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bind-modules-mysql-9.20.15-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:bind-modules-mysql-9.20.15-160000.1.1.ppc64le"
        },
        "product_reference": "bind-modules-mysql-9.20.15-160000.1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bind-modules-mysql-9.20.15-160000.1.1.s390x as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:bind-modules-mysql-9.20.15-160000.1.1.s390x"
        },
        "product_reference": "bind-modules-mysql-9.20.15-160000.1.1.s390x",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bind-modules-mysql-9.20.15-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:bind-modules-mysql-9.20.15-160000.1.1.x86_64"
        },
        "product_reference": "bind-modules-mysql-9.20.15-160000.1.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bind-modules-perl-9.20.15-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:bind-modules-perl-9.20.15-160000.1.1.aarch64"
        },
        "product_reference": "bind-modules-perl-9.20.15-160000.1.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bind-modules-perl-9.20.15-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:bind-modules-perl-9.20.15-160000.1.1.ppc64le"
        },
        "product_reference": "bind-modules-perl-9.20.15-160000.1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bind-modules-perl-9.20.15-160000.1.1.s390x as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:bind-modules-perl-9.20.15-160000.1.1.s390x"
        },
        "product_reference": "bind-modules-perl-9.20.15-160000.1.1.s390x",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bind-modules-perl-9.20.15-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:bind-modules-perl-9.20.15-160000.1.1.x86_64"
        },
        "product_reference": "bind-modules-perl-9.20.15-160000.1.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bind-modules-sqlite3-9.20.15-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:bind-modules-sqlite3-9.20.15-160000.1.1.aarch64"
        },
        "product_reference": "bind-modules-sqlite3-9.20.15-160000.1.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bind-modules-sqlite3-9.20.15-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:bind-modules-sqlite3-9.20.15-160000.1.1.ppc64le"
        },
        "product_reference": "bind-modules-sqlite3-9.20.15-160000.1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bind-modules-sqlite3-9.20.15-160000.1.1.s390x as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:bind-modules-sqlite3-9.20.15-160000.1.1.s390x"
        },
        "product_reference": "bind-modules-sqlite3-9.20.15-160000.1.1.s390x",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bind-modules-sqlite3-9.20.15-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:bind-modules-sqlite3-9.20.15-160000.1.1.x86_64"
        },
        "product_reference": "bind-modules-sqlite3-9.20.15-160000.1.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bind-utils-9.20.15-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:bind-utils-9.20.15-160000.1.1.aarch64"
        },
        "product_reference": "bind-utils-9.20.15-160000.1.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bind-utils-9.20.15-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:bind-utils-9.20.15-160000.1.1.ppc64le"
        },
        "product_reference": "bind-utils-9.20.15-160000.1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bind-utils-9.20.15-160000.1.1.s390x as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:bind-utils-9.20.15-160000.1.1.s390x"
        },
        "product_reference": "bind-utils-9.20.15-160000.1.1.s390x",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bind-utils-9.20.15-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:bind-utils-9.20.15-160000.1.1.x86_64"
        },
        "product_reference": "bind-utils-9.20.15-160000.1.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-40778",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-40778"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject forged data into the cache.\nThis issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:bind-9.20.15-160000.1.1.aarch64",
          "openSUSE Leap 16.0:bind-9.20.15-160000.1.1.ppc64le",
          "openSUSE Leap 16.0:bind-9.20.15-160000.1.1.s390x",
          "openSUSE Leap 16.0:bind-9.20.15-160000.1.1.x86_64",
          "openSUSE Leap 16.0:bind-doc-9.20.15-160000.1.1.noarch",
          "openSUSE Leap 16.0:bind-modules-bdbhpt-9.20.15-160000.1.1.aarch64",
          "openSUSE Leap 16.0:bind-modules-bdbhpt-9.20.15-160000.1.1.ppc64le",
          "openSUSE Leap 16.0:bind-modules-bdbhpt-9.20.15-160000.1.1.s390x",
          "openSUSE Leap 16.0:bind-modules-bdbhpt-9.20.15-160000.1.1.x86_64",
          "openSUSE Leap 16.0:bind-modules-generic-9.20.15-160000.1.1.aarch64",
          "openSUSE Leap 16.0:bind-modules-generic-9.20.15-160000.1.1.ppc64le",
          "openSUSE Leap 16.0:bind-modules-generic-9.20.15-160000.1.1.s390x",
          "openSUSE Leap 16.0:bind-modules-generic-9.20.15-160000.1.1.x86_64",
          "openSUSE Leap 16.0:bind-modules-ldap-9.20.15-160000.1.1.aarch64",
          "openSUSE Leap 16.0:bind-modules-ldap-9.20.15-160000.1.1.ppc64le",
          "openSUSE Leap 16.0:bind-modules-ldap-9.20.15-160000.1.1.s390x",
          "openSUSE Leap 16.0:bind-modules-ldap-9.20.15-160000.1.1.x86_64",
          "openSUSE Leap 16.0:bind-modules-mysql-9.20.15-160000.1.1.aarch64",
          "openSUSE Leap 16.0:bind-modules-mysql-9.20.15-160000.1.1.ppc64le",
          "openSUSE Leap 16.0:bind-modules-mysql-9.20.15-160000.1.1.s390x",
          "openSUSE Leap 16.0:bind-modules-mysql-9.20.15-160000.1.1.x86_64",
          "openSUSE Leap 16.0:bind-modules-perl-9.20.15-160000.1.1.aarch64",
          "openSUSE Leap 16.0:bind-modules-perl-9.20.15-160000.1.1.ppc64le",
          "openSUSE Leap 16.0:bind-modules-perl-9.20.15-160000.1.1.s390x",
          "openSUSE Leap 16.0:bind-modules-perl-9.20.15-160000.1.1.x86_64",
          "openSUSE Leap 16.0:bind-modules-sqlite3-9.20.15-160000.1.1.aarch64",
          "openSUSE Leap 16.0:bind-modules-sqlite3-9.20.15-160000.1.1.ppc64le",
          "openSUSE Leap 16.0:bind-modules-sqlite3-9.20.15-160000.1.1.s390x",
          "openSUSE Leap 16.0:bind-modules-sqlite3-9.20.15-160000.1.1.x86_64",
          "openSUSE Leap 16.0:bind-utils-9.20.15-160000.1.1.aarch64",
          "openSUSE Leap 16.0:bind-utils-9.20.15-160000.1.1.ppc64le",
          "openSUSE Leap 16.0:bind-utils-9.20.15-160000.1.1.s390x",
          "openSUSE Leap 16.0:bind-utils-9.20.15-160000.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-40778",
          "url": "https://www.suse.com/security/cve/CVE-2025-40778"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1252379 for CVE-2025-40778",
          "url": "https://bugzilla.suse.com/1252379"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:bind-9.20.15-160000.1.1.aarch64",
            "openSUSE Leap 16.0:bind-9.20.15-160000.1.1.ppc64le",
            "openSUSE Leap 16.0:bind-9.20.15-160000.1.1.s390x",
            "openSUSE Leap 16.0:bind-9.20.15-160000.1.1.x86_64",
            "openSUSE Leap 16.0:bind-doc-9.20.15-160000.1.1.noarch",
            "openSUSE Leap 16.0:bind-modules-bdbhpt-9.20.15-160000.1.1.aarch64",
            "openSUSE Leap 16.0:bind-modules-bdbhpt-9.20.15-160000.1.1.ppc64le",
            "openSUSE Leap 16.0:bind-modules-bdbhpt-9.20.15-160000.1.1.s390x",
            "openSUSE Leap 16.0:bind-modules-bdbhpt-9.20.15-160000.1.1.x86_64",
            "openSUSE Leap 16.0:bind-modules-generic-9.20.15-160000.1.1.aarch64",
            "openSUSE Leap 16.0:bind-modules-generic-9.20.15-160000.1.1.ppc64le",
            "openSUSE Leap 16.0:bind-modules-generic-9.20.15-160000.1.1.s390x",
            "openSUSE Leap 16.0:bind-modules-generic-9.20.15-160000.1.1.x86_64",
            "openSUSE Leap 16.0:bind-modules-ldap-9.20.15-160000.1.1.aarch64",
            "openSUSE Leap 16.0:bind-modules-ldap-9.20.15-160000.1.1.ppc64le",
            "openSUSE Leap 16.0:bind-modules-ldap-9.20.15-160000.1.1.s390x",
            "openSUSE Leap 16.0:bind-modules-ldap-9.20.15-160000.1.1.x86_64",
            "openSUSE Leap 16.0:bind-modules-mysql-9.20.15-160000.1.1.aarch64",
            "openSUSE Leap 16.0:bind-modules-mysql-9.20.15-160000.1.1.ppc64le",
            "openSUSE Leap 16.0:bind-modules-mysql-9.20.15-160000.1.1.s390x",
            "openSUSE Leap 16.0:bind-modules-mysql-9.20.15-160000.1.1.x86_64",
            "openSUSE Leap 16.0:bind-modules-perl-9.20.15-160000.1.1.aarch64",
            "openSUSE Leap 16.0:bind-modules-perl-9.20.15-160000.1.1.ppc64le",
            "openSUSE Leap 16.0:bind-modules-perl-9.20.15-160000.1.1.s390x",
            "openSUSE Leap 16.0:bind-modules-perl-9.20.15-160000.1.1.x86_64",
            "openSUSE Leap 16.0:bind-modules-sqlite3-9.20.15-160000.1.1.aarch64",
            "openSUSE Leap 16.0:bind-modules-sqlite3-9.20.15-160000.1.1.ppc64le",
            "openSUSE Leap 16.0:bind-modules-sqlite3-9.20.15-160000.1.1.s390x",
            "openSUSE Leap 16.0:bind-modules-sqlite3-9.20.15-160000.1.1.x86_64",
            "openSUSE Leap 16.0:bind-utils-9.20.15-160000.1.1.aarch64",
            "openSUSE Leap 16.0:bind-utils-9.20.15-160000.1.1.ppc64le",
            "openSUSE Leap 16.0:bind-utils-9.20.15-160000.1.1.s390x",
            "openSUSE Leap 16.0:bind-utils-9.20.15-160000.1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 16.0:bind-9.20.15-160000.1.1.aarch64",
            "openSUSE Leap 16.0:bind-9.20.15-160000.1.1.ppc64le",
            "openSUSE Leap 16.0:bind-9.20.15-160000.1.1.s390x",
            "openSUSE Leap 16.0:bind-9.20.15-160000.1.1.x86_64",
            "openSUSE Leap 16.0:bind-doc-9.20.15-160000.1.1.noarch",
            "openSUSE Leap 16.0:bind-modules-bdbhpt-9.20.15-160000.1.1.aarch64",
            "openSUSE Leap 16.0:bind-modules-bdbhpt-9.20.15-160000.1.1.ppc64le",
            "openSUSE Leap 16.0:bind-modules-bdbhpt-9.20.15-160000.1.1.s390x",
            "openSUSE Leap 16.0:bind-modules-bdbhpt-9.20.15-160000.1.1.x86_64",
            "openSUSE Leap 16.0:bind-modules-generic-9.20.15-160000.1.1.aarch64",
            "openSUSE Leap 16.0:bind-modules-generic-9.20.15-160000.1.1.ppc64le",
            "openSUSE Leap 16.0:bind-modules-generic-9.20.15-160000.1.1.s390x",
            "openSUSE Leap 16.0:bind-modules-generic-9.20.15-160000.1.1.x86_64",
            "openSUSE Leap 16.0:bind-modules-ldap-9.20.15-160000.1.1.aarch64",
            "openSUSE Leap 16.0:bind-modules-ldap-9.20.15-160000.1.1.ppc64le",
            "openSUSE Leap 16.0:bind-modules-ldap-9.20.15-160000.1.1.s390x",
            "openSUSE Leap 16.0:bind-modules-ldap-9.20.15-160000.1.1.x86_64",
            "openSUSE Leap 16.0:bind-modules-mysql-9.20.15-160000.1.1.aarch64",
            "openSUSE Leap 16.0:bind-modules-mysql-9.20.15-160000.1.1.ppc64le",
            "openSUSE Leap 16.0:bind-modules-mysql-9.20.15-160000.1.1.s390x",
            "openSUSE Leap 16.0:bind-modules-mysql-9.20.15-160000.1.1.x86_64",
            "openSUSE Leap 16.0:bind-modules-perl-9.20.15-160000.1.1.aarch64",
            "openSUSE Leap 16.0:bind-modules-perl-9.20.15-160000.1.1.ppc64le",
            "openSUSE Leap 16.0:bind-modules-perl-9.20.15-160000.1.1.s390x",
            "openSUSE Leap 16.0:bind-modules-perl-9.20.15-160000.1.1.x86_64",
            "openSUSE Leap 16.0:bind-modules-sqlite3-9.20.15-160000.1.1.aarch64",
            "openSUSE Leap 16.0:bind-modules-sqlite3-9.20.15-160000.1.1.ppc64le",
            "openSUSE Leap 16.0:bind-modules-sqlite3-9.20.15-160000.1.1.s390x",
            "openSUSE Leap 16.0:bind-modules-sqlite3-9.20.15-160000.1.1.x86_64",
            "openSUSE Leap 16.0:bind-utils-9.20.15-160000.1.1.aarch64",
            "openSUSE Leap 16.0:bind-utils-9.20.15-160000.1.1.ppc64le",
            "openSUSE Leap 16.0:bind-utils-9.20.15-160000.1.1.s390x",
            "openSUSE Leap 16.0:bind-utils-9.20.15-160000.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-01-15T10:43:49Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-40778"
    },
    {
      "cve": "CVE-2025-40780",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-40780"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In specific circumstances, due to a weakness in the Pseudo Random Number Generator (PRNG) that is used, it is possible for an attacker to predict the source port and query ID that BIND will use.\nThis issue affects BIND 9 versions 9.16.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.16.8-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:bind-9.20.15-160000.1.1.aarch64",
          "openSUSE Leap 16.0:bind-9.20.15-160000.1.1.ppc64le",
          "openSUSE Leap 16.0:bind-9.20.15-160000.1.1.s390x",
          "openSUSE Leap 16.0:bind-9.20.15-160000.1.1.x86_64",
          "openSUSE Leap 16.0:bind-doc-9.20.15-160000.1.1.noarch",
          "openSUSE Leap 16.0:bind-modules-bdbhpt-9.20.15-160000.1.1.aarch64",
          "openSUSE Leap 16.0:bind-modules-bdbhpt-9.20.15-160000.1.1.ppc64le",
          "openSUSE Leap 16.0:bind-modules-bdbhpt-9.20.15-160000.1.1.s390x",
          "openSUSE Leap 16.0:bind-modules-bdbhpt-9.20.15-160000.1.1.x86_64",
          "openSUSE Leap 16.0:bind-modules-generic-9.20.15-160000.1.1.aarch64",
          "openSUSE Leap 16.0:bind-modules-generic-9.20.15-160000.1.1.ppc64le",
          "openSUSE Leap 16.0:bind-modules-generic-9.20.15-160000.1.1.s390x",
          "openSUSE Leap 16.0:bind-modules-generic-9.20.15-160000.1.1.x86_64",
          "openSUSE Leap 16.0:bind-modules-ldap-9.20.15-160000.1.1.aarch64",
          "openSUSE Leap 16.0:bind-modules-ldap-9.20.15-160000.1.1.ppc64le",
          "openSUSE Leap 16.0:bind-modules-ldap-9.20.15-160000.1.1.s390x",
          "openSUSE Leap 16.0:bind-modules-ldap-9.20.15-160000.1.1.x86_64",
          "openSUSE Leap 16.0:bind-modules-mysql-9.20.15-160000.1.1.aarch64",
          "openSUSE Leap 16.0:bind-modules-mysql-9.20.15-160000.1.1.ppc64le",
          "openSUSE Leap 16.0:bind-modules-mysql-9.20.15-160000.1.1.s390x",
          "openSUSE Leap 16.0:bind-modules-mysql-9.20.15-160000.1.1.x86_64",
          "openSUSE Leap 16.0:bind-modules-perl-9.20.15-160000.1.1.aarch64",
          "openSUSE Leap 16.0:bind-modules-perl-9.20.15-160000.1.1.ppc64le",
          "openSUSE Leap 16.0:bind-modules-perl-9.20.15-160000.1.1.s390x",
          "openSUSE Leap 16.0:bind-modules-perl-9.20.15-160000.1.1.x86_64",
          "openSUSE Leap 16.0:bind-modules-sqlite3-9.20.15-160000.1.1.aarch64",
          "openSUSE Leap 16.0:bind-modules-sqlite3-9.20.15-160000.1.1.ppc64le",
          "openSUSE Leap 16.0:bind-modules-sqlite3-9.20.15-160000.1.1.s390x",
          "openSUSE Leap 16.0:bind-modules-sqlite3-9.20.15-160000.1.1.x86_64",
          "openSUSE Leap 16.0:bind-utils-9.20.15-160000.1.1.aarch64",
          "openSUSE Leap 16.0:bind-utils-9.20.15-160000.1.1.ppc64le",
          "openSUSE Leap 16.0:bind-utils-9.20.15-160000.1.1.s390x",
          "openSUSE Leap 16.0:bind-utils-9.20.15-160000.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-40780",
          "url": "https://www.suse.com/security/cve/CVE-2025-40780"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1252380 for CVE-2025-40780",
          "url": "https://bugzilla.suse.com/1252380"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:bind-9.20.15-160000.1.1.aarch64",
            "openSUSE Leap 16.0:bind-9.20.15-160000.1.1.ppc64le",
            "openSUSE Leap 16.0:bind-9.20.15-160000.1.1.s390x",
            "openSUSE Leap 16.0:bind-9.20.15-160000.1.1.x86_64",
            "openSUSE Leap 16.0:bind-doc-9.20.15-160000.1.1.noarch",
            "openSUSE Leap 16.0:bind-modules-bdbhpt-9.20.15-160000.1.1.aarch64",
            "openSUSE Leap 16.0:bind-modules-bdbhpt-9.20.15-160000.1.1.ppc64le",
            "openSUSE Leap 16.0:bind-modules-bdbhpt-9.20.15-160000.1.1.s390x",
            "openSUSE Leap 16.0:bind-modules-bdbhpt-9.20.15-160000.1.1.x86_64",
            "openSUSE Leap 16.0:bind-modules-generic-9.20.15-160000.1.1.aarch64",
            "openSUSE Leap 16.0:bind-modules-generic-9.20.15-160000.1.1.ppc64le",
            "openSUSE Leap 16.0:bind-modules-generic-9.20.15-160000.1.1.s390x",
            "openSUSE Leap 16.0:bind-modules-generic-9.20.15-160000.1.1.x86_64",
            "openSUSE Leap 16.0:bind-modules-ldap-9.20.15-160000.1.1.aarch64",
            "openSUSE Leap 16.0:bind-modules-ldap-9.20.15-160000.1.1.ppc64le",
            "openSUSE Leap 16.0:bind-modules-ldap-9.20.15-160000.1.1.s390x",
            "openSUSE Leap 16.0:bind-modules-ldap-9.20.15-160000.1.1.x86_64",
            "openSUSE Leap 16.0:bind-modules-mysql-9.20.15-160000.1.1.aarch64",
            "openSUSE Leap 16.0:bind-modules-mysql-9.20.15-160000.1.1.ppc64le",
            "openSUSE Leap 16.0:bind-modules-mysql-9.20.15-160000.1.1.s390x",
            "openSUSE Leap 16.0:bind-modules-mysql-9.20.15-160000.1.1.x86_64",
            "openSUSE Leap 16.0:bind-modules-perl-9.20.15-160000.1.1.aarch64",
            "openSUSE Leap 16.0:bind-modules-perl-9.20.15-160000.1.1.ppc64le",
            "openSUSE Leap 16.0:bind-modules-perl-9.20.15-160000.1.1.s390x",
            "openSUSE Leap 16.0:bind-modules-perl-9.20.15-160000.1.1.x86_64",
            "openSUSE Leap 16.0:bind-modules-sqlite3-9.20.15-160000.1.1.aarch64",
            "openSUSE Leap 16.0:bind-modules-sqlite3-9.20.15-160000.1.1.ppc64le",
            "openSUSE Leap 16.0:bind-modules-sqlite3-9.20.15-160000.1.1.s390x",
            "openSUSE Leap 16.0:bind-modules-sqlite3-9.20.15-160000.1.1.x86_64",
            "openSUSE Leap 16.0:bind-utils-9.20.15-160000.1.1.aarch64",
            "openSUSE Leap 16.0:bind-utils-9.20.15-160000.1.1.ppc64le",
            "openSUSE Leap 16.0:bind-utils-9.20.15-160000.1.1.s390x",
            "openSUSE Leap 16.0:bind-utils-9.20.15-160000.1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 16.0:bind-9.20.15-160000.1.1.aarch64",
            "openSUSE Leap 16.0:bind-9.20.15-160000.1.1.ppc64le",
            "openSUSE Leap 16.0:bind-9.20.15-160000.1.1.s390x",
            "openSUSE Leap 16.0:bind-9.20.15-160000.1.1.x86_64",
            "openSUSE Leap 16.0:bind-doc-9.20.15-160000.1.1.noarch",
            "openSUSE Leap 16.0:bind-modules-bdbhpt-9.20.15-160000.1.1.aarch64",
            "openSUSE Leap 16.0:bind-modules-bdbhpt-9.20.15-160000.1.1.ppc64le",
            "openSUSE Leap 16.0:bind-modules-bdbhpt-9.20.15-160000.1.1.s390x",
            "openSUSE Leap 16.0:bind-modules-bdbhpt-9.20.15-160000.1.1.x86_64",
            "openSUSE Leap 16.0:bind-modules-generic-9.20.15-160000.1.1.aarch64",
            "openSUSE Leap 16.0:bind-modules-generic-9.20.15-160000.1.1.ppc64le",
            "openSUSE Leap 16.0:bind-modules-generic-9.20.15-160000.1.1.s390x",
            "openSUSE Leap 16.0:bind-modules-generic-9.20.15-160000.1.1.x86_64",
            "openSUSE Leap 16.0:bind-modules-ldap-9.20.15-160000.1.1.aarch64",
            "openSUSE Leap 16.0:bind-modules-ldap-9.20.15-160000.1.1.ppc64le",
            "openSUSE Leap 16.0:bind-modules-ldap-9.20.15-160000.1.1.s390x",
            "openSUSE Leap 16.0:bind-modules-ldap-9.20.15-160000.1.1.x86_64",
            "openSUSE Leap 16.0:bind-modules-mysql-9.20.15-160000.1.1.aarch64",
            "openSUSE Leap 16.0:bind-modules-mysql-9.20.15-160000.1.1.ppc64le",
            "openSUSE Leap 16.0:bind-modules-mysql-9.20.15-160000.1.1.s390x",
            "openSUSE Leap 16.0:bind-modules-mysql-9.20.15-160000.1.1.x86_64",
            "openSUSE Leap 16.0:bind-modules-perl-9.20.15-160000.1.1.aarch64",
            "openSUSE Leap 16.0:bind-modules-perl-9.20.15-160000.1.1.ppc64le",
            "openSUSE Leap 16.0:bind-modules-perl-9.20.15-160000.1.1.s390x",
            "openSUSE Leap 16.0:bind-modules-perl-9.20.15-160000.1.1.x86_64",
            "openSUSE Leap 16.0:bind-modules-sqlite3-9.20.15-160000.1.1.aarch64",
            "openSUSE Leap 16.0:bind-modules-sqlite3-9.20.15-160000.1.1.ppc64le",
            "openSUSE Leap 16.0:bind-modules-sqlite3-9.20.15-160000.1.1.s390x",
            "openSUSE Leap 16.0:bind-modules-sqlite3-9.20.15-160000.1.1.x86_64",
            "openSUSE Leap 16.0:bind-utils-9.20.15-160000.1.1.aarch64",
            "openSUSE Leap 16.0:bind-utils-9.20.15-160000.1.1.ppc64le",
            "openSUSE Leap 16.0:bind-utils-9.20.15-160000.1.1.s390x",
            "openSUSE Leap 16.0:bind-utils-9.20.15-160000.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-01-15T10:43:49Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-40780"
    },
    {
      "cve": "CVE-2025-8677",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-8677"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Querying for records within a specially crafted zone containing certain malformed DNSKEY records can lead to CPU exhaustion.\nThis issue affects BIND 9 versions 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:bind-9.20.15-160000.1.1.aarch64",
          "openSUSE Leap 16.0:bind-9.20.15-160000.1.1.ppc64le",
          "openSUSE Leap 16.0:bind-9.20.15-160000.1.1.s390x",
          "openSUSE Leap 16.0:bind-9.20.15-160000.1.1.x86_64",
          "openSUSE Leap 16.0:bind-doc-9.20.15-160000.1.1.noarch",
          "openSUSE Leap 16.0:bind-modules-bdbhpt-9.20.15-160000.1.1.aarch64",
          "openSUSE Leap 16.0:bind-modules-bdbhpt-9.20.15-160000.1.1.ppc64le",
          "openSUSE Leap 16.0:bind-modules-bdbhpt-9.20.15-160000.1.1.s390x",
          "openSUSE Leap 16.0:bind-modules-bdbhpt-9.20.15-160000.1.1.x86_64",
          "openSUSE Leap 16.0:bind-modules-generic-9.20.15-160000.1.1.aarch64",
          "openSUSE Leap 16.0:bind-modules-generic-9.20.15-160000.1.1.ppc64le",
          "openSUSE Leap 16.0:bind-modules-generic-9.20.15-160000.1.1.s390x",
          "openSUSE Leap 16.0:bind-modules-generic-9.20.15-160000.1.1.x86_64",
          "openSUSE Leap 16.0:bind-modules-ldap-9.20.15-160000.1.1.aarch64",
          "openSUSE Leap 16.0:bind-modules-ldap-9.20.15-160000.1.1.ppc64le",
          "openSUSE Leap 16.0:bind-modules-ldap-9.20.15-160000.1.1.s390x",
          "openSUSE Leap 16.0:bind-modules-ldap-9.20.15-160000.1.1.x86_64",
          "openSUSE Leap 16.0:bind-modules-mysql-9.20.15-160000.1.1.aarch64",
          "openSUSE Leap 16.0:bind-modules-mysql-9.20.15-160000.1.1.ppc64le",
          "openSUSE Leap 16.0:bind-modules-mysql-9.20.15-160000.1.1.s390x",
          "openSUSE Leap 16.0:bind-modules-mysql-9.20.15-160000.1.1.x86_64",
          "openSUSE Leap 16.0:bind-modules-perl-9.20.15-160000.1.1.aarch64",
          "openSUSE Leap 16.0:bind-modules-perl-9.20.15-160000.1.1.ppc64le",
          "openSUSE Leap 16.0:bind-modules-perl-9.20.15-160000.1.1.s390x",
          "openSUSE Leap 16.0:bind-modules-perl-9.20.15-160000.1.1.x86_64",
          "openSUSE Leap 16.0:bind-modules-sqlite3-9.20.15-160000.1.1.aarch64",
          "openSUSE Leap 16.0:bind-modules-sqlite3-9.20.15-160000.1.1.ppc64le",
          "openSUSE Leap 16.0:bind-modules-sqlite3-9.20.15-160000.1.1.s390x",
          "openSUSE Leap 16.0:bind-modules-sqlite3-9.20.15-160000.1.1.x86_64",
          "openSUSE Leap 16.0:bind-utils-9.20.15-160000.1.1.aarch64",
          "openSUSE Leap 16.0:bind-utils-9.20.15-160000.1.1.ppc64le",
          "openSUSE Leap 16.0:bind-utils-9.20.15-160000.1.1.s390x",
          "openSUSE Leap 16.0:bind-utils-9.20.15-160000.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-8677",
          "url": "https://www.suse.com/security/cve/CVE-2025-8677"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1252378 for CVE-2025-8677",
          "url": "https://bugzilla.suse.com/1252378"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:bind-9.20.15-160000.1.1.aarch64",
            "openSUSE Leap 16.0:bind-9.20.15-160000.1.1.ppc64le",
            "openSUSE Leap 16.0:bind-9.20.15-160000.1.1.s390x",
            "openSUSE Leap 16.0:bind-9.20.15-160000.1.1.x86_64",
            "openSUSE Leap 16.0:bind-doc-9.20.15-160000.1.1.noarch",
            "openSUSE Leap 16.0:bind-modules-bdbhpt-9.20.15-160000.1.1.aarch64",
            "openSUSE Leap 16.0:bind-modules-bdbhpt-9.20.15-160000.1.1.ppc64le",
            "openSUSE Leap 16.0:bind-modules-bdbhpt-9.20.15-160000.1.1.s390x",
            "openSUSE Leap 16.0:bind-modules-bdbhpt-9.20.15-160000.1.1.x86_64",
            "openSUSE Leap 16.0:bind-modules-generic-9.20.15-160000.1.1.aarch64",
            "openSUSE Leap 16.0:bind-modules-generic-9.20.15-160000.1.1.ppc64le",
            "openSUSE Leap 16.0:bind-modules-generic-9.20.15-160000.1.1.s390x",
            "openSUSE Leap 16.0:bind-modules-generic-9.20.15-160000.1.1.x86_64",
            "openSUSE Leap 16.0:bind-modules-ldap-9.20.15-160000.1.1.aarch64",
            "openSUSE Leap 16.0:bind-modules-ldap-9.20.15-160000.1.1.ppc64le",
            "openSUSE Leap 16.0:bind-modules-ldap-9.20.15-160000.1.1.s390x",
            "openSUSE Leap 16.0:bind-modules-ldap-9.20.15-160000.1.1.x86_64",
            "openSUSE Leap 16.0:bind-modules-mysql-9.20.15-160000.1.1.aarch64",
            "openSUSE Leap 16.0:bind-modules-mysql-9.20.15-160000.1.1.ppc64le",
            "openSUSE Leap 16.0:bind-modules-mysql-9.20.15-160000.1.1.s390x",
            "openSUSE Leap 16.0:bind-modules-mysql-9.20.15-160000.1.1.x86_64",
            "openSUSE Leap 16.0:bind-modules-perl-9.20.15-160000.1.1.aarch64",
            "openSUSE Leap 16.0:bind-modules-perl-9.20.15-160000.1.1.ppc64le",
            "openSUSE Leap 16.0:bind-modules-perl-9.20.15-160000.1.1.s390x",
            "openSUSE Leap 16.0:bind-modules-perl-9.20.15-160000.1.1.x86_64",
            "openSUSE Leap 16.0:bind-modules-sqlite3-9.20.15-160000.1.1.aarch64",
            "openSUSE Leap 16.0:bind-modules-sqlite3-9.20.15-160000.1.1.ppc64le",
            "openSUSE Leap 16.0:bind-modules-sqlite3-9.20.15-160000.1.1.s390x",
            "openSUSE Leap 16.0:bind-modules-sqlite3-9.20.15-160000.1.1.x86_64",
            "openSUSE Leap 16.0:bind-utils-9.20.15-160000.1.1.aarch64",
            "openSUSE Leap 16.0:bind-utils-9.20.15-160000.1.1.ppc64le",
            "openSUSE Leap 16.0:bind-utils-9.20.15-160000.1.1.s390x",
            "openSUSE Leap 16.0:bind-utils-9.20.15-160000.1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 16.0:bind-9.20.15-160000.1.1.aarch64",
            "openSUSE Leap 16.0:bind-9.20.15-160000.1.1.ppc64le",
            "openSUSE Leap 16.0:bind-9.20.15-160000.1.1.s390x",
            "openSUSE Leap 16.0:bind-9.20.15-160000.1.1.x86_64",
            "openSUSE Leap 16.0:bind-doc-9.20.15-160000.1.1.noarch",
            "openSUSE Leap 16.0:bind-modules-bdbhpt-9.20.15-160000.1.1.aarch64",
            "openSUSE Leap 16.0:bind-modules-bdbhpt-9.20.15-160000.1.1.ppc64le",
            "openSUSE Leap 16.0:bind-modules-bdbhpt-9.20.15-160000.1.1.s390x",
            "openSUSE Leap 16.0:bind-modules-bdbhpt-9.20.15-160000.1.1.x86_64",
            "openSUSE Leap 16.0:bind-modules-generic-9.20.15-160000.1.1.aarch64",
            "openSUSE Leap 16.0:bind-modules-generic-9.20.15-160000.1.1.ppc64le",
            "openSUSE Leap 16.0:bind-modules-generic-9.20.15-160000.1.1.s390x",
            "openSUSE Leap 16.0:bind-modules-generic-9.20.15-160000.1.1.x86_64",
            "openSUSE Leap 16.0:bind-modules-ldap-9.20.15-160000.1.1.aarch64",
            "openSUSE Leap 16.0:bind-modules-ldap-9.20.15-160000.1.1.ppc64le",
            "openSUSE Leap 16.0:bind-modules-ldap-9.20.15-160000.1.1.s390x",
            "openSUSE Leap 16.0:bind-modules-ldap-9.20.15-160000.1.1.x86_64",
            "openSUSE Leap 16.0:bind-modules-mysql-9.20.15-160000.1.1.aarch64",
            "openSUSE Leap 16.0:bind-modules-mysql-9.20.15-160000.1.1.ppc64le",
            "openSUSE Leap 16.0:bind-modules-mysql-9.20.15-160000.1.1.s390x",
            "openSUSE Leap 16.0:bind-modules-mysql-9.20.15-160000.1.1.x86_64",
            "openSUSE Leap 16.0:bind-modules-perl-9.20.15-160000.1.1.aarch64",
            "openSUSE Leap 16.0:bind-modules-perl-9.20.15-160000.1.1.ppc64le",
            "openSUSE Leap 16.0:bind-modules-perl-9.20.15-160000.1.1.s390x",
            "openSUSE Leap 16.0:bind-modules-perl-9.20.15-160000.1.1.x86_64",
            "openSUSE Leap 16.0:bind-modules-sqlite3-9.20.15-160000.1.1.aarch64",
            "openSUSE Leap 16.0:bind-modules-sqlite3-9.20.15-160000.1.1.ppc64le",
            "openSUSE Leap 16.0:bind-modules-sqlite3-9.20.15-160000.1.1.s390x",
            "openSUSE Leap 16.0:bind-modules-sqlite3-9.20.15-160000.1.1.x86_64",
            "openSUSE Leap 16.0:bind-utils-9.20.15-160000.1.1.aarch64",
            "openSUSE Leap 16.0:bind-utils-9.20.15-160000.1.1.ppc64le",
            "openSUSE Leap 16.0:bind-utils-9.20.15-160000.1.1.s390x",
            "openSUSE Leap 16.0:bind-utils-9.20.15-160000.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-01-15T10:43:49Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-8677"
    }
  ]
}

CVE-2025-8677 (GCVE-0-2025-8677)

Vulnerability from cvelistv5 – Published: 2025-10-22 15:43 – Updated: 2025-11-04 21:15

Title

Resource exhaustion via malformed DNSKEY handling

Summary

Querying for records within a specially crafted zone containing certain malformed DNSKEY records can lead to CPU exhaustion. This issue affects BIND 9 versions 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-405 - Asymmetric Resource Consumption (Amplification)

Assigner

isc

References

URL

Tags

https://kb.isc.org/docs/cve-2025-8677

vendor-advisory

Impacted products

	Vendor	Product	Version
	ISC	BIND 9	Affected: 9.18.0 , ≤ 9.18.39 (custom) Affected: 9.20.0 , ≤ 9.20.13 (custom) Affected: 9.21.0 , ≤ 9.21.12 (custom) Affected: 9.18.11-S1 , ≤ 9.18.39-S1 (custom) Affected: 9.20.9-S1 , ≤ 9.20.13-S1 (custom)

Credits

ISC would like to thank Zuyao Xu and Xiang Li from the All-in-One Security and Privacy Laboratory at Nankai University for bringing this vulnerability to our attention.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-8677",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-22T17:29:14.290863Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-22T17:29:39.128Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T21:15:09.556Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/10/22/1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "BIND 9",
          "vendor": "ISC",
          "versions": [
            {
              "lessThanOrEqual": "9.18.39",
              "status": "affected",
              "version": "9.18.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.20.13",
              "status": "affected",
              "version": "9.20.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.21.12",
              "status": "affected",
              "version": "9.21.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.18.39-S1",
              "status": "affected",
              "version": "9.18.11-S1",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.20.13-S1",
              "status": "affected",
              "version": "9.20.9-S1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "ISC would like to thank Zuyao Xu and Xiang Li from the All-in-One Security and Privacy Laboratory at Nankai University for bringing this vulnerability to our attention."
        }
      ],
      "datePublic": "2025-10-22T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Querying for records within a specially crafted zone containing certain malformed DNSKEY records can lead to CPU exhaustion.\nThis issue affects BIND 9 versions 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "We are not aware of any active exploits."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "An attacker could overwhelm the server, significantly impacting performance and leading to denial of service for legitimate clients."
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-405",
              "description": "CWE-405 Asymmetric Resource Consumption (Amplification)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-22T15:43:10.369Z",
        "orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
        "shortName": "isc"
      },
      "references": [
        {
          "name": "CVE-2025-8677",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://kb.isc.org/docs/cve-2025-8677"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.18.41, 9.20.15, 9.21.14, 9.18.41-S1, or 9.20.15-S1."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Resource exhaustion via malformed DNSKEY handling",
      "workarounds": [
        {
          "lang": "en",
          "value": "No workarounds known."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
    "assignerShortName": "isc",
    "cveId": "CVE-2025-8677",
    "datePublished": "2025-10-22T15:43:10.369Z",
    "dateReserved": "2025-08-06T17:32:34.755Z",
    "dateUpdated": "2025-11-04T21:15:09.556Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-40778 (GCVE-0-2025-40778)

Vulnerability from cvelistv5 – Published: 2025-10-22 15:47 – Updated: 2025-11-07 04:56

Title

Cache poisoning attacks with unsolicited RRs

Summary

Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject forged data into the cache. This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1.

Severity ?

8.6 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

CWE

CWE-349 - Acceptance of Extraneous Untrusted Data With Trusted Data

Assigner

isc

References

URL

Tags

https://kb.isc.org/docs/cve-2025-40778

vendor-advisory

Impacted products

	Vendor	Product	Version
	ISC	BIND 9	Affected: 9.11.0 , ≤ 9.16.50 (custom) Affected: 9.18.0 , ≤ 9.18.39 (custom) Affected: 9.20.0 , ≤ 9.20.13 (custom) Affected: 9.21.0 , ≤ 9.21.12 (custom) Affected: 9.11.3-S1 , ≤ 9.16.50-S1 (custom) Affected: 9.18.11-S1 , ≤ 9.18.39-S1 (custom) Affected: 9.20.9-S1 , ≤ 9.20.13-S1 (custom)

Credits

ISC would like to thank Yuxiao Wu, Yunyi Zhang, Baojun Liu, and Haixin Duan from Tsinghua University for bringing this vulnerability to our attention.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-40778",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-06T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-07T04:56:12.201Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://gist.github.com/N3mes1s/f76b4a606308937b0806a5256bc1f918"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T21:10:14.114Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/10/22/1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "BIND 9",
          "vendor": "ISC",
          "versions": [
            {
              "lessThanOrEqual": "9.16.50",
              "status": "affected",
              "version": "9.11.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.18.39",
              "status": "affected",
              "version": "9.18.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.20.13",
              "status": "affected",
              "version": "9.20.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.21.12",
              "status": "affected",
              "version": "9.21.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.16.50-S1",
              "status": "affected",
              "version": "9.11.3-S1",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.18.39-S1",
              "status": "affected",
              "version": "9.18.11-S1",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.20.13-S1",
              "status": "affected",
              "version": "9.20.9-S1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "ISC would like to thank Yuxiao Wu, Yunyi Zhang, Baojun Liu, and Haixin Duan from Tsinghua University for bringing this vulnerability to our attention."
        }
      ],
      "datePublic": "2025-10-22T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject forged data into the cache.\nThis issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "We are not aware of any active exploits."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Forged records can be injected into cache during a query, which can potentially affect resolution of future queries."
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-349",
              "description": "CWE-349 Acceptance of Extraneous Untrusted Data With Trusted Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-22T15:47:13.243Z",
        "orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
        "shortName": "isc"
      },
      "references": [
        {
          "name": "CVE-2025-40778",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://kb.isc.org/docs/cve-2025-40778"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.18.41, 9.20.15, 9.21.14, 9.18.41-S1, or 9.20.15-S1."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Cache poisoning attacks with unsolicited RRs",
      "workarounds": [
        {
          "lang": "en",
          "value": "No workarounds known."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
    "assignerShortName": "isc",
    "cveId": "CVE-2025-40778",
    "datePublished": "2025-10-22T15:47:13.243Z",
    "dateReserved": "2025-04-16T08:44:49.857Z",
    "dateUpdated": "2025-11-07T04:56:12.201Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-40780 (GCVE-0-2025-40780)

Vulnerability from cvelistv5 – Published: 2025-10-22 15:48 – Updated: 2025-11-04 21:10

Title

Cache poisoning due to weak PRNG

Summary

In specific circumstances, due to a weakness in the Pseudo Random Number Generator (PRNG) that is used, it is possible for an attacker to predict the source port and query ID that BIND will use. This issue affects BIND 9 versions 9.16.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.16.8-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1.

Severity ?

8.6 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

CWE

CWE-341 - Predictable from Observable State

Assigner

isc

References

URL

Tags

https://kb.isc.org/docs/cve-2025-40780

vendor-advisory

Impacted products

	Vendor	Product	Version
	ISC	BIND 9	Affected: 9.16.0 , ≤ 9.16.50 (custom) Affected: 9.18.0 , ≤ 9.18.39 (custom) Affected: 9.20.0 , ≤ 9.20.13 (custom) Affected: 9.21.0 , ≤ 9.21.12 (custom) Affected: 9.16.8-S1 , ≤ 9.16.50-S1 (custom) Affected: 9.18.11-S1 , ≤ 9.18.39-S1 (custom) Affected: 9.20.9-S1 , ≤ 9.20.13-S1 (custom)

Credits

ISC would like to thank Prof. Amit Klein and Omer Ben Simhon from Hebrew University of Jerusalem for bringing this vulnerability to our attention.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-40780",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-22T17:27:36.366032Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-22T17:27:49.476Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T21:10:16.728Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/10/22/1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "BIND 9",
          "vendor": "ISC",
          "versions": [
            {
              "lessThanOrEqual": "9.16.50",
              "status": "affected",
              "version": "9.16.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.18.39",
              "status": "affected",
              "version": "9.18.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.20.13",
              "status": "affected",
              "version": "9.20.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.21.12",
              "status": "affected",
              "version": "9.21.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.16.50-S1",
              "status": "affected",
              "version": "9.16.8-S1",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.18.39-S1",
              "status": "affected",
              "version": "9.18.11-S1",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.20.13-S1",
              "status": "affected",
              "version": "9.20.9-S1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "ISC would like to thank Prof. Amit Klein and Omer Ben Simhon from Hebrew University of Jerusalem for bringing this vulnerability to our attention."
        }
      ],
      "datePublic": "2025-10-22T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "In specific circumstances, due to a weakness in the Pseudo Random Number Generator (PRNG) that is used, it is possible for an attacker to predict the source port and query ID that BIND will use.\nThis issue affects BIND 9 versions 9.16.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.16.8-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "We are not aware of any active exploits."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "BIND can be tricked into caching attacker responses, if the spoofing is successful."
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-341",
              "description": "CWE-341 Predictable from Observable State",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-22T15:48:27.146Z",
        "orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
        "shortName": "isc"
      },
      "references": [
        {
          "name": "CVE-2025-40780",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://kb.isc.org/docs/cve-2025-40780"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.18.41, 9.20.15, 9.21.14, 9.18.41-S1, or 9.20.15-S1."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Cache poisoning due to weak PRNG",
      "workarounds": [
        {
          "lang": "en",
          "value": "No workarounds known."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
    "assignerShortName": "isc",
    "cveId": "CVE-2025-40780",
    "datePublished": "2025-10-22T15:48:27.146Z",
    "dateReserved": "2025-04-16T08:44:49.857Z",
    "dateUpdated": "2025-11-04T21:10:16.728Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

OPENSUSE-SU-2026:20039-1

CVE-2025-8677 (GCVE-0-2025-8677)

CVE-2025-40778 (GCVE-0-2025-40778)

CVE-2025-40780 (GCVE-0-2025-40780)

Tags

Sightings

Nomenclature