{"id":"USN-7836-1","summary":"bind9 vulnerabilities","details":"Zuyao Xu and Xiang Li discovered that Bind incorrectly handled certain\nmalformed DNSKEY records. A remote attacker could possibly use this issue\nto cause Bind to consume resources, resulting in a denial of service.\n(CVE-2025-8677)\n\nYuxiao Wu, Yunyi Zhang, Baojun Liu, and Haixin Duan discovered that Bind\nincorrectly accepted certain records from answers. A remote attacker could\npossibly use this issue to perform a cache poisoning attack.\n(CVE-2025-40778)\n\nAmit Klein and Omer Ben Simhon discovered that Bind used a weak PRNG. A\nremote attacker could possibly use this issue to perform a cache poisoning\nattack. (CVE-2025-40780)","modified":"2026-04-27T18:23:54.658984Z","published":"2025-10-22T17:03:53Z","related":["UBUNTU-CVE-2025-40778","UBUNTU-CVE-2025-40780","UBUNTU-CVE-2025-8677"],"upstream":["CVE-2025-40778","CVE-2025-40780","CVE-2025-8677","UBUNTU-CVE-2025-40778","UBUNTU-CVE-2025-40780","UBUNTU-CVE-2025-8677"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-7836-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2025-8677"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2025-40778"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2025-40780"}],"affected":[{"package":{"name":"bind9","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/bind9@1:9.18.39-0ubuntu0.22.04.2?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:9.18.39-0ubuntu0.22.04.2"}]}],"versions":["1:9.16.15-1ubuntu1","1:9.16.15-1ubuntu2","1:9.16.15-1ubuntu3","1:9.18.0-2ubuntu1","1:9.18.0-2ubuntu2","1:9.18.0-2ubuntu3","1:9.18.1-1ubuntu1","1:9.18.1-1ubuntu1.1","1:9.18.1-1ubuntu1.2","1:9.18.1-1ubuntu1.3","1:9.18.12-0ubuntu0.22.04.1","1:9.18.12-0ubuntu0.22.04.2","1:9.18.12-0ubuntu0.22.04.3","1:9.18.18-0ubuntu0.22.04.1","1:9.18.18-0ubuntu0.22.04.2","1:9.18.24-0ubuntu0.22.04.1","1:9.18.28-0ubuntu0.22.04.1","1:9.18.30-0ubuntu0.22.04.1","1:9.18.30-0ubuntu0.22.04.2","1:9.18.39-0ubuntu0.22.04.1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"1:9.18.39-0ubuntu0.22.04.2","binary_name":"bind9"},{"binary_version":"1:9.18.39-0ubuntu0.22.04.2","binary_name":"bind9-dnsutils"},{"binary_version":"1:9.18.39-0ubuntu0.22.04.2","binary_name":"bind9-host"},{"binary_version":"1:9.18.39-0ubuntu0.22.04.2","binary_name":"bind9-libs"},{"binary_version":"1:9.18.39-0ubuntu0.22.04.2","binary_name":"bind9-utils"},{"binary_version":"1:9.18.39-0ubuntu0.22.04.2","binary_name":"bind9utils"},{"binary_version":"1:9.18.39-0ubuntu0.22.04.2","binary_name":"dnsutils"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:22.04:LTS","cves":[{"id":"CVE-2025-8677","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2025-40778","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2025-40780","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N"},{"type":"Ubuntu","score":"medium"}]}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7836-1.json"}},{"package":{"name":"bind9","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/bind9@1:9.18.39-0ubuntu0.24.04.2?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:9.18.39-0ubuntu0.24.04.2"}]}],"versions":["1:9.18.18-0ubuntu2","1:9.18.21-0ubuntu1","1:9.18.24-0ubuntu3","1:9.18.24-0ubuntu4","1:9.18.24-0ubuntu5","1:9.18.28-0ubuntu0.24.04.1","1:9.18.30-0ubuntu0.24.04.1","1:9.18.30-0ubuntu0.24.04.2","1:9.18.39-0ubuntu0.24.04.1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"1:9.18.39-0ubuntu0.24.04.2","binary_name":"bind9"},{"binary_version":"1:9.18.39-0ubuntu0.24.04.2","binary_name":"bind9-dnsutils"},{"binary_version":"1:9.18.39-0ubuntu0.24.04.2","binary_name":"bind9-host"},{"binary_version":"1:9.18.39-0ubuntu0.24.04.2","binary_name":"bind9-libs"},{"binary_version":"1:9.18.39-0ubuntu0.24.04.2","binary_name":"bind9-utils"},{"binary_version":"1:9.18.39-0ubuntu0.24.04.2","binary_name":"bind9utils"},{"binary_version":"1:9.18.39-0ubuntu0.24.04.2","binary_name":"dnsutils"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:24.04:LTS","cves":[{"id":"CVE-2025-8677","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2025-40778","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2025-40780","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N"},{"type":"Ubuntu","score":"medium"}]}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7836-1.json"}},{"package":{"name":"bind9","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/bind9@1:9.20.11-1ubuntu2.1?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:9.20.11-1ubuntu2.1"}]}],"versions":["1:9.20.4-3ubuntu1","1:9.20.4-3ubuntu2","1:9.20.4-3ubuntu3","1:9.20.9-2ubuntu1","1:9.20.10-1ubuntu1","1:9.20.11-1ubuntu1","1:9.20.11-1ubuntu2"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"1:9.20.11-1ubuntu2.1","binary_name":"bind9"},{"binary_version":"1:9.20.11-1ubuntu2.1","binary_name":"bind9-dnsutils"},{"binary_version":"1:9.20.11-1ubuntu2.1","binary_name":"bind9-host"},{"binary_version":"1:9.20.11-1ubuntu2.1","binary_name":"bind9-libs"},{"binary_version":"1:9.20.11-1ubuntu2.1","binary_name":"bind9-utils"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:25.10","cves":[{"id":"CVE-2025-8677","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2025-40778","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2025-40780","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N"},{"type":"Ubuntu","score":"medium"}]}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7836-1.json"}}],"schema_version":"1.7.5"}