{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-40777", "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22", "state": "PUBLISHED", "assignerShortName": "isc", "dateReserved": "2025-04-16T08:44:49.856Z", "datePublished": "2025-07-16T17:38:06.370Z", "dateUpdated": "2025-07-18T14:25:48.883Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "404fd4d2-a609-4245-b543-2c944a302a22", "shortName": "isc", "dateUpdated": "2025-07-16T17:38:06.370Z"}, "title": "A possible assertion failure when 'stale-answer-client-timeout' is set to '0'", "datePublic": "2025-07-16T00:00:00.000Z", "affected": [{"vendor": "ISC", "product": "BIND 9", "versions": [{"version": "9.20.0", "lessThanOrEqual": "9.20.10", "status": "affected", "versionType": "custom"}, {"version": "9.21.0", "lessThanOrEqual": "9.21.9", "status": "affected", "versionType": "custom"}, {"version": "9.20.9-S1", "lessThanOrEqual": "9.20.10-S1", "status": "affected", "versionType": "custom"}, {"version": "9.18.0", "lessThanOrEqual": "9.18.37", "status": "unaffected", "versionType": "custom"}, {"version": "9.18.11-S1", "lessThanOrEqual": "9.18.37-S1", "status": "unaffected", "versionType": "custom"}], "defaultStatus": "unaffected"}], "metrics": [{"cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-617", "description": "CWE-617 Reachable Assertion"}]}], "descriptions": [{"lang": "en", "value": "If a `named` caching resolver is configured with `serve-stale-enable` `yes`, and with `stale-answer-client-timeout` set to `0` (the only allowable value other than `disabled`), and if the resolver, in the process of resolving a query, encounters a CNAME chain involving a specific combination of cached or authoritative records, the daemon will abort with an assertion failure.\nThis issue affects BIND 9 versions 9.20.0 through 9.20.10, 9.21.0 through 9.21.9, and 9.20.9-S1 through 9.20.10-S1."}], "impacts": [{"descriptions": [{"lang": "en", "value": "If an attacker is able to make queries that yield the necessary combination of circumstances, they can force `named` to exit."}]}], "workarounds": [{"lang": "en", "value": "Setting either of `stale-answer-client-timeout off;` or `stale-answer-enable no;` in the configuration file will prevent the assertion."}], "exploits": [{"lang": "en", "value": "This flaw was discovered in internal testing. We are not aware of any active exploits."}], "solutions": [{"lang": "en", "value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.20.11, 9.21.10, or 9.20.11-S1."}], "references": [{"url": "https://kb.isc.org/docs/cve-2025-40777", "name": "CVE-2025-40777", "tags": ["vendor-advisory"]}], "source": {"discovery": "INTERNAL"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-18T14:25:41.033326Z", "id": "CVE-2025-40777", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-18T14:25:48.883Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-40777", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-18T14:25:41.033326Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-18T14:25:45.462Z"}}], "cna": {"title": "A possible assertion failure when 'stale-answer-client-timeout' is set to '0'", "source": {"discovery": "INTERNAL"}, "impacts": [{"descriptions": [{"lang": "en", "value": "If an attacker is able to make queries that yield the necessary combination of circumstances, they can force `named` to exit."}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "ISC", "product": "BIND 9", "versions": [{"status": "affected", "version": "9.20.0", "versionType": "custom", "lessThanOrEqual": "9.20.10"}, {"status": "affected", "version": "9.21.0", "versionType": "custom", "lessThanOrEqual": "9.21.9"}, {"status": "affected", "version": "9.20.9-S1", "versionType": "custom", "lessThanOrEqual": "9.20.10-S1"}, {"status": "unaffected", "version": "9.18.0", "versionType": "custom", "lessThanOrEqual": "9.18.37"}, {"status": "unaffected", "version": "9.18.11-S1", "versionType": "custom", "lessThanOrEqual": "9.18.37-S1"}], "defaultStatus": "unaffected"}], "exploits": [{"lang": "en", "value": "This flaw was discovered in internal testing. We are not aware of any active exploits."}], "solutions": [{"lang": "en", "value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.20.11, 9.21.10, or 9.20.11-S1."}], "datePublic": "2025-07-16T00:00:00.000Z", "references": [{"url": "https://kb.isc.org/docs/cve-2025-40777", "name": "CVE-2025-40777", "tags": ["vendor-advisory"]}], "workarounds": [{"lang": "en", "value": "Setting either of `stale-answer-client-timeout off;` or `stale-answer-enable no;` in the configuration file will prevent the assertion."}], "descriptions": [{"lang": "en", "value": "If a `named` caching resolver is configured with `serve-stale-enable` `yes`, and with `stale-answer-client-timeout` set to `0` (the only allowable value other than `disabled`), and if the resolver, in the process of resolving a query, encounters a CNAME chain involving a specific combination of cached or authoritative records, the daemon will abort with an assertion failure.\nThis issue affects BIND 9 versions 9.20.0 through 9.20.10, 9.21.0 through 9.21.9, and 9.20.9-S1 through 9.20.10-S1."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-617", "description": "CWE-617 Reachable Assertion"}]}], "providerMetadata": {"orgId": "404fd4d2-a609-4245-b543-2c944a302a22", "shortName": "isc", "dateUpdated": "2025-07-16T17:38:06.370Z"}}}, "cveMetadata": {"cveId": "CVE-2025-40777", "state": "PUBLISHED", "dateUpdated": "2025-07-18T14:25:48.883Z", "dateReserved": "2025-04-16T08:44:49.856Z", "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22", "datePublished": "2025-07-16T17:38:06.370Z", "assignerShortName": "isc"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "If a `named` caching resolver is configured with `serve-stale-enable` `yes`, and with `stale-answer-client-timeout` set to `0` (the only allowable value other than `disabled`), and if the resolver, in the process of resolving a query, encounters a CNAME chain involving a specific combination of cached or authoritative records, the daemon will abort with an assertion failure.\nThis issue affects BIND 9 versions 9.20.0 through 9.20.10, 9.21.0 through 9.21.9, and 9.20.9-S1 through 9.20.10-S1."}, {"lang": "es", "value": "Si un solucionador de cach\u00e9 con nombre est\u00e1 configurado con `serve-stale-enable` `yes` y con `stale-answer-client-timeout` establecido en `0` (el \u00fanico valor permitido aparte de `disabled`), y si el solucionador, al resolver una consulta, encuentra una cadena CNAME que involucra una combinaci\u00f3n espec\u00edfica de registros en cach\u00e9 o autorizados, el daemon se interrumpir\u00e1 con un error de aserci\u00f3n. Este problema afecta a las versiones de BIND 9 de la 9.20.0 a la 9.20.10, de la 9.21.0 a la 9.21.9 y de la 9.20.9-S1 a la 9.20.10-S1."}], "id": "CVE-2025-40777", "lastModified": "2025-07-17T21:15:50.197", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-officer@isc.org", "type": "Primary"}]}, "published": "2025-07-16T18:15:24.770", "references": [{"source": "security-officer@isc.org", "url": "https://kb.isc.org/docs/cve-2025-40777"}], "sourceIdentifier": "security-officer@isc.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-617"}], "source": "security-officer@isc.org", "type": "Secondary"}]}

{"bugzilla": {"description": "bind: bind assertion failure", "id": "2381418", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2381418"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "status": "draft"}, "cwe": "CWE-617", "details": ["An assertion failure flaw has been discovered in bind. If a `named` caching resolver is configured with `serve-stale-enable`: `yes`, and with `stale-answer-client-timeout` set to `0`, and if the resolver, in the process of resolving a query, encounters a CNAME chain involving a specific combination of cached or authoritative records, the daemon will abort with an assertion failure."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2025-40777", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "bind", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "bind", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "bind", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "bind", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "bind9.16", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "bind", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "bind9.18", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "dhcp", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "rhcos", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2025-07-16T17:38:06Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-40777\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-40777\nhttps://kb.isc.org/docs/cve-2025-40777"], "statement": "On Red Hat systems, the host operating system will not be taken down with the bind daemon. A crashed daemon is likely to be restarted by the host mitigating the availability impact.", "threat_severity": "Moderate"}