CVE-2025-8677

CWE-405 CWE-400 — Uncontrolled Resource Consumption12 documents8 sources

Severity

7.5HIGH

EPSS

0.1%

top 75.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

ISC Bind 9

Timeline

PublishedOct 22

Latest updateNov 12

Description

Querying for records within a specially crafted zone containing certain malformed DNSKEY records can lead to CPU exhaustion. This issue affects BIND 9 versions 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶Alpinebind< 9.18.41-r0+4

▶Debianbind9< 1:9.16.50-1~deb11u4+3

▶Ubuntubind9< 1:9.18.39-0ubuntu0.22.04.2+3

▶CVEListV5isc/bind_99.18.0 — 9.18.39+4

🔴Vulnerability Details

OSV

bind9 vulnerabilities↗2025-11-12

▶

OSV

CVE-2025-8677: Querying for records within a specially crafted zone containing certain malformed DNSKEY records can lead to CPU exhaustion↗2025-10-22

▶

CVEList

Resource exhaustion via malformed DNSKEY handling↗2025-10-22

▶

GHSA

GHSA-924g-f9mr-cm6x: Querying for records within a specially crafted zone containing certain malformed DNSKEY records can lead to CPU exhaustion↗2025-10-22

▶

OSV

bind9 vulnerabilities↗2025-10-22

▶

📋Vendor Advisories

Ubuntu

Bind vulnerabilities↗2025-11-12

▶

Red Hat

bind: Resource exhaustion via malformed DNSKEY handling↗2025-10-22

▶

Ubuntu

Bind vulnerabilities↗2025-10-22

▶

Microsoft

Resource exhaustion via malformed DNSKEY handling↗2025-10-14

▶

Debian

CVE-2025-8677: bind9 - Querying for records within a specially crafted zone containing certain malforme...↗2025

▶