CVE-2025-40775 Information

Description

When an incoming DNS protocol message includes a Transaction Signature (TSIG) BIND always checks it. If the TSIG contains an invalid value in the algorithm field BIND immediately aborts with an assertion failure. This issue affects BIND 9 versions 9.20.0 through 9.20.8 and 9.21.0 through 9.21.7.

Reference

http://www.openwall.com/lists/oss-security/2025/05/21/1 https://kb.isc.org/docs/cve-2025-40775