CVE-2021-25215 An assertion check can fail while answering queries for DNAME records that require the DNAME to be processed to resolve itself

2021-04-2900:55:16

isc

www.cve.org

bind

vulnerability

denial of service

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.8

Confidence

High

EPSS

0.067

Percentile

93.9%

JSON

In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the flaw described above, the named process will terminate due to a failed assertion check. The vulnerability affects all currently maintained BIND 9 branches (9.11, 9.11-S, 9.16, 9.16-S, 9.17) as well as all other versions of BIND 9.

CNA Affected

[
  {
    "product": "BIND9",
    "vendor": "ISC",
    "versions": [
      {
        "status": "affected",
        "version": "Open Source Branches 9.0 through 9.11 9.0.0 through versions before 9.11.30"
      },
      {
        "status": "affected",
        "version": "Open Source Branches 9.12 through 9.16 9.12.0 through versions before 9.16.14"
      },
      {
        "status": "affected",
        "version": "Supported Preview Branches 9.9-S through 9.11-S 9.9.3-S1 through versions before 9.11.30-S1"
      },
      {
        "status": "affected",
        "version": "Supported Preview Branch 9.16-S 9.16.8-S1 through versions before 9.16.14-S1"
      },
      {
        "status": "affected",
        "version": "Development Branch 9.17 9.17.0 through versiosn before 9.17.12"
      }
    ]
  }
]