CVE-2021-25215

Updated: 2024-11-30 03:08:57.380162

Description:

In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the flaw described above, the named process will terminate due to a failed assertion check. The vulnerability affects all currently maintained BIND 9 branches (9.11, 9.11-S, 9.16, 9.16-S, 9.17) as well as all other versions of BIND 9.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x MEDIUM 5
CVSS Version 3.x HIGH 7.5

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement

CentOS 6 ELS bind 9.8.2 7.5 HIGH Released CLSA-2021:1632261705 2022-05-05 12:00:47
CentOS 7 ELS bind 9.11.4 7.5 HIGH Already Fixed 2023-09-19 09:30:36
CentOS 8.4 ELS bind 9.11.26 7.5 HIGH Already Fixed 2023-10-30 11:22:51
CentOS 8.5 ELS bind 9.11.26 7.5 HIGH Already Fixed 2023-10-30 11:22:24
CloudLinux 6 ELS bind 9.8.2 7.5 HIGH Released 2022-04-25 18:47:31
Oracle Linux 6 ELS bind 9.8.2 7.5 HIGH Released CLSA-2021:1634922250 2022-04-25 18:47:31
Ubuntu 16.04 ELS bind9 9.10.3 7.5 HIGH Not Vulnerable 2022-04-04 03:48:12
Ubuntu 18.04 ELS bind9 9.11.3 7.5 HIGH Already Fixed 2023-06-02 09:11:09