Extended Lifecycle Support CVE dashboard by TuxCare

CVE-2021-25219

Updated: 2022-06-21 11:01:59.502478

Description:

In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a flaw in response processing can cause degradation in BIND resolver performance. The way the lame cache is currently designed makes it possible for its internal data structures to grow almost infinitely, which may cause significant delays in client query processing.


Severity

| CVSS version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | MEDIUM | 5 |
| CVSS Version 3.x | MEDIUM | 5.3 |

Status

| OS name | Project name | Version | Status | Errata | Last updated |
|---|---|---|---|---|---|
| CentOS 6 ELS | bind | 9.8.2 | Released | CLSA-2021:1637070791 | 2022-05-05 12:02:16.212488 |
| CentOS 8.4 ELS | bind | 9.11.26 | Released | CLSA-2022:1654511849 | 2022-06-06 07:45:40.793138 |
| CentOS 8.5 ELS | bind | 9.11.26 | Released | CLSA-2022:1654175851 | 2022-06-02 11:53:10.025703 |
| CloudLinux 6 ELS | bind | 9.8.2 | Released | | 2022-04-25 18:47:32.139493 |
| Oracle Linux 6 ELS | bind | 9.8.2 | Released | CLSA-2021:1635957830 | 2022-04-25 18:47:32.182119 |
| Ubuntu 16.04 ELS | bind9 | 9.10.3 | Released | CLSA-2021:1639681836 | 2022-04-04 03:46:42.735601 |

Statement

Will not fix: low score