Lucene search

[email protected]CVE-2021-25214

HistoryApr 29, 2021 - 1:15 a.m.

CVE-2021-25214

2021-04-2901:15:00

CWE-617

[email protected]

web.nvd.nist.gov

564

cve-2021-25214

bind 9

malformed ixfr

vulnerability

nvd

assertion failed

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.7 Medium

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

0.009 Low

EPSS

Percentile

82.8%

JSON

In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a malformed IXFR triggering the flaw described above, the named process will terminate due to a failed assertion the next time the transferred secondary zone is refreshed.

CPENameOperatorVersion
isc:bindisc bindeq9.11.7
isc:bindisc bindeq9.11.3
isc:bindisc bindeq9.11.6
isc:bindisc bindeq9.10.5
isc:bindisc bindeq9.11.5
isc:bindisc bindeq9.9.3
isc:bindisc bindeq9.10.7
isc:bindisc bindeq9.11.12
isc:bindisc bindeq9.11.8
isc:bindisc bindeq9.9.12

CPE	Name	Operator	Version
isc:bind	isc bind	eq	9.11.7
isc:bind	isc bind	eq	9.11.3
isc:bind	isc bind	eq	9.11.6
isc:bind	isc bind	eq	9.10.5
isc:bind	isc bind	eq	9.11.5
isc:bind	isc bind	eq	9.9.3
isc:bind	isc bind	eq	9.10.7
isc:bind	isc bind	eq	9.11.12
isc:bind	isc bind	eq	9.11.8
isc:bind	isc bind	eq	9.9.12