CVE-2021-25214

Updated: 2024-11-23 04:07:08.397714

Description:

In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a malformed IXFR triggering the flaw described above, the named process will terminate due to a failed assertion the next time the transferred secondary zone is refreshed.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x MEDIUM 4
CVSS Version 3.x MEDIUM 6.5

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement

CentOS 6 ELS bind 9.8.2 6.5 MEDIUM Released CLSA-2021:1632261705 2022-05-05 12:00:46
CentOS 7 ELS bind 9.11.4 6.5 MEDIUM Already Fixed 2023-09-19 09:30:35
CentOS 8.4 ELS bind 9.11.26 6.5 MEDIUM Released CLSA-2022:1643212135 2022-04-25 18:47:32
CentOS 8.5 ELS bind 9.11.26 6.5 MEDIUM Not Vulnerable 2022-04-25 18:47:32
CloudLinux 6 ELS bind 9.8.2 6.5 MEDIUM Released 2022-04-25 18:47:31
Oracle Linux 6 ELS bind 9.8.2 6.5 MEDIUM Released CLSA-2021:1634922250 2022-04-25 18:47:32
Ubuntu 16.04 ELS bind9 9.10.3 6.5 MEDIUM Not Vulnerable 2022-04-04 03:48:03
Ubuntu 18.04 ELS bind9 9.11.3 6.5 MEDIUM Ignored 2023-03-02 04:04:23