CVE-2021-25214

In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a malformed IXFR triggering the flaw described above, the named process will terminate due to a failed assertion the next time the transferred secondary zone is refreshed.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
iscCNA
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 69%
VendorProductVersion
iscbind
9.8.5 ≤
𝑥
≤ 9.8.8
iscbind
9.9.3 ≤
𝑥
< 9.11.31
iscbind
9.12.0 ≤
𝑥
< 9.16.15
iscbind
9.17.0 ≤
𝑥
< 9.17.12
iscbind
9.9.3:s1
iscbind
9.9.12:s1
iscbind
9.9.13:s1
iscbind
9.10.5:s1
iscbind
9.10.7:s1
iscbind
9.11.3:s1
iscbind
9.11.5:s3
iscbind
9.11.5:s5
iscbind
9.11.5:s6
iscbind
9.11.6:s1
iscbind
9.11.7:s1
iscbind
9.11.8:s1
iscbind
9.11.12:s1
iscbind
9.11.21:s1
iscbind
9.11.27:s1
iscbind
9.11.29:s1
iscbind
9.16.8:s1
iscbind
9.16.11:s1
iscbind
9.16.13:s1
debiandebian_linux
9.0
debiandebian_linux
10.0
siemenssinec_infrastructure_network_services
𝑥
< 1.0.1.1
netappactive_iq_unified_manager
-
netappcloud_backup
-
netappaff_a250_firmware
-
netappaff_500f_firmware
-
netapph300s_firmware
-
netapph500s_firmware
-
netapph700s_firmware
-
netapph300e_firmware
-
netapph500e_firmware
-
netapph700e_firmware
-
netapph410s_firmware
-
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
bind9
bullseye
1:9.16.50-1~deb11u2
fixed
bullseye (security)
1:9.16.50-1~deb11u1
fixed
bookworm
1:9.18.28-1~deb12u2
fixed
bookworm (security)
1:9.18.28-1~deb12u2
fixed
sid
1:9.20.2-1
fixed
trixie
1:9.20.2-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
bind9
noble
Fixed 1:9.16.8-1ubuntu3.1
released
mantic
Fixed 1:9.16.8-1ubuntu3.1
released
lunar
Fixed 1:9.16.8-1ubuntu3.1
released
kinetic
Fixed 1:9.16.8-1ubuntu3.1
released
jammy
Fixed 1:9.16.8-1ubuntu3.1
released
impish
Fixed 1:9.16.8-1ubuntu3.1
released
hirsute
Fixed 1:9.16.8-1ubuntu3.1
released
groovy
Fixed 1:9.16.6-3ubuntu1.2
released
focal
Fixed 1:9.16.1-0ubuntu2.8
released
bionic
Fixed 1:9.11.3+dfsg-1ubuntu1.15
released
xenial
Fixed 1:9.10.3.dfsg.P4-8ubuntu1.19
released
trusty
needed
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2021/04/29/1
http://www.openwall.com/lists/oss-security/2021/04/29/2
http://www.openwall.com/lists/oss-security/2021/04/29/3
http://www.openwall.com/lists/oss-security/2021/04/29/4
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://kb.isc.org/v1/docs/cve-2021-25214
https://lists.debian.org/debian-lts-announce/2021/05/msg00001.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VEC2XG4Q2ODTN2C4CGXEIXU3EUTBMK7L/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZDSRPCJQ7MZC6CENH5PO3VQOFI7VSWBE/
https://security.netapp.com/advisory/ntap-20210521-0006/
https://www.debian.org/security/2021/dsa-4909
http://www.openwall.com/lists/oss-security/2021/04/29/1
http://www.openwall.com/lists/oss-security/2021/04/29/2
http://www.openwall.com/lists/oss-security/2021/04/29/3
http://www.openwall.com/lists/oss-security/2021/04/29/4
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://kb.isc.org/v1/docs/cve-2021-25214
https://lists.debian.org/debian-lts-announce/2021/05/msg00001.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VEC2XG4Q2ODTN2C4CGXEIXU3EUTBMK7L/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZDSRPCJQ7MZC6CENH5PO3VQOFI7VSWBE/
https://security.netapp.com/advisory/ntap-20210521-0006/
https://www.debian.org/security/2021/dsa-4909