CVE-2025-40778

Name	CVE-2025-40778
Description	Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject forged data into the cache. This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1.
Source	CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DSA-6033-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
bind9 (PTS)	bullseye	1:9.16.50-1~deb11u2	vulnerable
	bullseye (security)	1:9.16.50-1~deb11u3	vulnerable
	bookworm	1:9.18.33-1~deb12u2	vulnerable
	bookworm (security)	1:9.18.41-1~deb12u1	fixed
	trixie	1:9.20.11-4	vulnerable
	trixie (security)	1:9.20.15-1~deb13u1	fixed
	forky, sid	1:9.20.15-1	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Origin
bind9	source	bookworm	1:9.18.41-1~deb12u1	DSA-6033-1
bind9	source	trixie	1:9.20.15-1~deb13u1	DSA-6033-1
bind9	source	(unstable)	1:9.20.15-1

Notes

https://kb.isc.org/docs/cve-2025-40778
Fixed by: https://gitlab.isc.org/isc-projects/bind9/-/commit/196732041318b931b6fa97f18077117b3b548d18 (v9.20.15)
Fixed by: https://gitlab.isc.org/isc-projects/bind9/-/commit/ab97f6e9f4405b61ba2051363104fc812cac5270 (v9.20.15)
Fixed by: https://gitlab.isc.org/isc-projects/bind9/-/commit/a266f329e908313c5669a45751bd1cd84f3bd95b (v9.20.15)
Fixed by: https://gitlab.isc.org/isc-projects/bind9/-/commit/025d61bacd0f57f994a631654aff7a933d89a547 (v9.18.41)
Fixed by: https://gitlab.isc.org/isc-projects/bind9/-/commit/cd17dfe696cdf9b8ef23fbc8738de7c79f957846 (v9.18.41)
Fixed by: https://gitlab.isc.org/isc-projects/bind9/-/commit/4c6d03b0bb2ffbafcde8e8a5bc0e49908b978a72 (v9.18.41)