CNNVD-202510-2835 Information

CNNVD ID

CNNVD-202510-2835

Related CVE

CVE-2025-40778

• CNNVD Published: 2025-10-22

Description (Chinese)

ISC BIND 9是ISC组织的一个域名系统软件。 ISC BIND 9 9.11.0版本至9.16.50版本、9.18.0版本至9.18.39版本、9.20.0版本至9.20.13版本、9.21.0版本至9.21.12版本、9.11.3-S1版本至9.16.50-S1版本、9.18.11-S1版本至9.18.39-S1版本和9.20.9-S1版本至9.20.13-S1版本存在安全漏洞，该漏洞源于接受应答记录时过于宽松，可能导致缓存中注入伪造数据。

Description (English)

ISC BIND 9 is an ISC-organized domain name system software. There is a security gap between the versions of ICSC BIND 9 9.11.0 to 9.16.50, 9.18.0 to 9.18.39, 9.2.0 to 9.20.13, 9.21.0 to 9.21.12, 9.11.3-S1 to 9.16.50-S1, 9.18.11-S1 to 9.18.39-S1 and 9.20.9-S1 to 9.20.13-S1, which stems from the looseness of acceptance of response records, which may lead to the injection of counterfeit data into the cache.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

ISC

Published

2025-10-22

Last Modified

2026-02-24

References

https://kb.isc.org/docs/cve-2025-40778

Patch

https://www.isc.org/bind/