High severity7.5NVD Advisory· Published May 21, 2025· Updated Apr 15, 2026
CVE-2025-40775
CVE-2025-40775
Description
When an incoming DNS protocol message includes a Transaction Signature (TSIG), BIND always checks it. If the TSIG contains an invalid value in the algorithm field, BIND immediately aborts with an assertion failure. This issue affects BIND 9 versions 9.20.0 through 9.20.8 and 9.21.0 through 9.21.7.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4- osv-coords3 versionspkg:rpm/opensuse/bind&distro=openSUSE%20Tumbleweedpkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP7
< 9.20.9-1.1+ 2 more
- (no CPE)range: < 9.20.9-1.1
- (no CPE)range: < 9.20.9-150700.3.3.1
- (no CPE)range: < 9.20.9-150700.3.3.1
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.