CVE-2025-8677

EUVD-2025-35583
Querying for records within a specially crafted zone containing certain malformed DNSKEY records can lead to CPU exhaustion.
This issue affects BIND 9 versions 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1.
Amplification
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 95%
Debian logo
Debian Releases
Debian Product
Codename
bind9
bookworm
1:9.18.47-1~deb12u1
fixed
bookworm (security)
1:9.18.49-1~deb12u1
fixed
bullseye
vulnerable
bullseye (security)
1:9.16.50-1~deb11u5
fixed
forky
1:9.20.24-1
fixed
sid
1:9.20.24-1
fixed
trixie
1:9.20.21-1~deb13u1
fixed
trixie (security)
1:9.20.23-1~deb13u1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
bind9
bionic
needed
focal
Fixed 1:9.18.30-0ubuntu0.20.04.2+esm1
released
jammy
Fixed 1:9.18.39-0ubuntu0.22.04.2
released
noble
Fixed 1:9.18.39-0ubuntu0.24.04.2
released
plucky
Fixed 1:9.20.11-0ubuntu0.2
released
questing
Fixed 1:9.20.11-1ubuntu2.1
released
resolute
Fixed 1:9.20.11-1ubuntu3
released
trusty
needs-triage
xenial
needs-triage
bind9-libs
focal
needs-triage
jammy
needs-triage
noble
dne
plucky
dne
questing
dne
resolute
dne
isc-dhcp
bionic
needs-triage
focal
not-affected
jammy
not-affected
noble
needs-triage
plucky
ignored
questing
needs-triage
resolute
needs-triage
trusty
not-affected
xenial
not-affected
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
bind
suse enterprise sap 15 SP6
9.18.33-150600.3.18.1
fixed
suse enterprise sap 15 SP7
9.20.15-150700.3.12.1
fixed
suse enterprise server 15 SP6
9.18.33-150600.3.18.1
fixed
suse enterprise server 15 SP7
9.20.15-150700.3.12.1
fixed
bind-doc
suse enterprise sap 15 SP6
9.18.33-150600.3.18.1
fixed
suse enterprise sap 15 SP7
9.20.15-150700.3.12.1
fixed
suse enterprise server 15 SP6
9.18.33-150600.3.18.1
fixed
suse enterprise server 15 SP7
9.20.15-150700.3.12.1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
bind
RHEL 9
32:9.16.23-40.el9_8.1
fixed
bind-chroot
RHEL 9
32:9.16.23-40.el9_8.1
fixed
bind-devel
RHEL 9
32:9.16.23-40.el9_8.1
fixed
bind-dnssec-doc
RHEL 9
32:9.16.23-40.el9_8.1
fixed
bind-dnssec-utils
RHEL 9
32:9.16.23-40.el9_8.1
fixed
bind-doc
RHEL 9
32:9.16.23-40.el9_8.1
fixed
bind-libs
RHEL 9
32:9.16.23-40.el9_8.1
fixed
bind-license
RHEL 9
32:9.16.23-40.el9_8.1
fixed
bind-utils
RHEL 9
32:9.16.23-40.el9_8.1
fixed
bind9.18
RHEL 9
32:9.18.29-5.el9_7.2
fixed
bind9.18-chroot
RHEL 9
32:9.18.29-5.el9_7.2
fixed
bind9.18-devel
RHEL 9
32:9.18.29-5.el9_7.2
fixed
bind9.18-dnssec-utils
RHEL 9
32:9.18.29-5.el9_7.2
fixed
bind9.18-doc
RHEL 9
32:9.18.29-5.el9_7.2
fixed
bind9.18-libs
RHEL 9
32:9.18.29-5.el9_7.2
fixed
bind9.18-utils
RHEL 9
32:9.18.29-5.el9_7.2
fixed
python3-bind
RHEL 9
32:9.16.23-40.el9_8.1
fixed
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
bind
Amazon Linux 2
32:9.11.4-26.P2.amzn2.13.12
fixed
Amazon Linux 2023
32:9.18.33-1.amzn2023.0.4
fixed
bind-chroot
Amazon Linux 2
32:9.11.4-26.P2.amzn2.13.12
fixed
Amazon Linux 2023
32:9.18.33-1.amzn2023.0.4
fixed
bind-debuginfo
Amazon Linux 2
32:9.11.4-26.P2.amzn2.13.12
fixed
Amazon Linux 2023
32:9.18.33-1.amzn2023.0.4
fixed
bind-debugsource
Amazon Linux 2023
32:9.18.33-1.amzn2023.0.4
fixed
bind-devel
Amazon Linux 2
32:9.11.4-26.P2.amzn2.13.12
fixed
Amazon Linux 2023
32:9.18.33-1.amzn2023.0.4
fixed
bind-dnssec-utils
Amazon Linux 2023
32:9.18.33-1.amzn2023.0.4
fixed
bind-dnssec-utils-debuginfo
Amazon Linux 2023
32:9.18.33-1.amzn2023.0.4
fixed
bind-doc
Amazon Linux 2023
32:9.18.33-1.amzn2023.0.4
fixed
bind-export-devel
Amazon Linux 2
32:9.11.4-26.P2.amzn2.13.12
fixed
bind-export-libs
Amazon Linux 2
32:9.11.4-26.P2.amzn2.13.12
fixed
bind-libs
Amazon Linux 2
32:9.11.4-26.P2.amzn2.13.12
fixed
Amazon Linux 2023
32:9.18.33-1.amzn2023.0.4
fixed
bind-libs-debuginfo
Amazon Linux 2023
32:9.18.33-1.amzn2023.0.4
fixed
bind-libs-lite
Amazon Linux 2
32:9.11.4-26.P2.amzn2.13.12
fixed
bind-license
Amazon Linux 2
32:9.11.4-26.P2.amzn2.13.12
fixed
Amazon Linux 2023
32:9.18.33-1.amzn2023.0.4
fixed
bind-lite-devel
Amazon Linux 2
32:9.11.4-26.P2.amzn2.13.12
fixed
bind-pkcs11
Amazon Linux 2
32:9.11.4-26.P2.amzn2.13.12
fixed
bind-pkcs11-devel
Amazon Linux 2
32:9.11.4-26.P2.amzn2.13.12
fixed
bind-pkcs11-libs
Amazon Linux 2
32:9.11.4-26.P2.amzn2.13.12
fixed
bind-pkcs11-utils
Amazon Linux 2
32:9.11.4-26.P2.amzn2.13.12
fixed
bind-sdb
Amazon Linux 2
32:9.11.4-26.P2.amzn2.13.12
fixed
bind-sdb-chroot
Amazon Linux 2
32:9.11.4-26.P2.amzn2.13.12
fixed
bind-utils
Amazon Linux 2
32:9.11.4-26.P2.amzn2.13.12
fixed
Amazon Linux 2023
32:9.18.33-1.amzn2023.0.4
fixed
bind-utils-debuginfo
Amazon Linux 2023
32:9.18.33-1.amzn2023.0.4
fixed
Azure Linux logo
Azure Linux Releases
Azure Package
Release
bind
Azure Linux 3.0
0:9.20.15-1.azl3
fixed
CBL-Mariner 2.0
0:9.16.50-3.cm2
fixed