CVE-2025-40775
====================

Title: BIND Assertion Failure via Invalid TSIG Algorithm Name

CVE: CVE-2025-40775

Description:
When an incoming DNS protocol message includes a Transaction Signature (TSIG), BIND always checks it. If the TSIG contains an invalid value in the algorithm field, BIND immediately aborts with an assertion failure. This can be exploited by a remote, unauthenticated attacker to cause a denial-of-service (DoS) condition.

References:
- NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-40775
- ISC Knowledge Base: https://kb.isc.org/docs/cve-2025-40775

Affected Versions:
- BIND 9.20.0 through 9.20.8
- BIND 9.21.0 through 9.21.7

Impact:
- Remote, unauthenticated denial-of-service (DoS)
- Assertion failure and process crash

Mitigation:
- Upgrade to BIND 9.20.9 or later

Disclosure Timeline:
- Reported: 2025-04-30
- Public Disclosure: 2025-05-15

This file is provided for completeness and reference in this demonstration repository. See README.md for lab context and responsible use.