CVE-2021-25219

Name: CVE-2021-25219

Description: In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a flaw in response processing can cause degradation in BIND resolver performance. The way the lame cache is currently designed makes it possible for its internal data structures to grow almost infinitely, which may cause significant delays in client query processing.

NVD Severity: medium

References

| Type | URI |
|---|---|
| CONFIRM | https://kb.isc.org/v1/docs/cve-2021-25219 |
| DEBIAN | https://www.debian.org/security/2021/dsa-4994 |
| MLIST | https://lists.debian.org/debian-lts-announce/2021/11/msg00001.html |
| FEDORA | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YTKC4E3HUOLYN5IA4EBL4VAQSWG2ZVTX/ |

Match rules

| CPE URI | Source package | Min version | Max version |
|---|---|---|---|
| cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:* | bind | >= 9.3.0 | < 9.11.36 |
| cpe:2.3:a:isc:bind:9.9.3:s1:*:*:supported_preview:*:*:* | bind | == None | == 9.9.3 |
| cpe:2.3:a:isc:bind:9.9.12:s1:*:*:supported_preview:*:*:* | bind | == None | == 9.9.12 |
| cpe:2.3:a:isc:bind:9.9.13:s1:*:*:supported_preview:*:*:* | bind | == None | == 9.9.13 |
| cpe:2.3:a:isc:bind:9.10.5:s1:*:*:supported_preview:*:*:* | bind | == None | == 9.10.5 |
| cpe:2.3:a:isc:bind:9.10.7:s1:*:*:supported_preview:*:*:* | bind | == None | == 9.10.7 |
| cpe:2.3:a:isc:bind:9.11.3:s1:*:*:supported_preview:*:*:* | bind | == None | == 9.11.3 |
| cpe:2.3:a:isc:bind:9.11.5:s3:*:*:supported_preview:*:*:* | bind | == None | == 9.11.5 |
| cpe:2.3:a:isc:bind:9.11.6:s1:*:*:supported_preview:*:*:* | bind | == None | == 9.11.6 |
| cpe:2.3:a:isc:bind:9.11.7:s1:*:*:supported_preview:*:*:* | bind | == None | == 9.11.7 |
| cpe:2.3:a:isc:bind:9.11.8:s1:*:*:supported_preview:*:*:* | bind | == None | == 9.11.8 |
| cpe:2.3:a:isc:bind:9.11.12:s1:*:*:supported_preview:*:*:* | bind | == None | == 9.11.12 |
| cpe:2.3:a:isc:bind:9.11.21:s1:*:*:supported_preview:*:*:* | bind | == None | == 9.11.21 |
| cpe:2.3:a:isc:bind:9.11.27:s1:*:*:supported_preview:*:*:* | bind | == None | == 9.11.27 |
| cpe:2.3:a:isc:bind:9.11.29:s1:*:*:supported_preview:*:*:* | bind | == None | == 9.11.29 |
| cpe:2.3:a:isc:bind:9.11.35:s1:*:*:supported_preview:*:*:* | bind | == None | == 9.11.35 |
| cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:* | bind | >= 9.12.0 | < 9.16.22 |
| cpe:2.3:a:isc:bind:9.16.8:s1:*:*:supported_preview:*:*:* | bind | == None | == 9.16.8 |
| cpe:2.3:a:isc:bind:9.16.11:s1:*:*:supported_preview:*:*:* | bind | == None | == 9.16.11 |
| cpe:2.3:a:isc:bind:9.16.13:s1:*:*:supported_preview:*:*:* | bind | == None | == 9.16.13 |
| cpe:2.3:a:isc:bind:9.16.21:s1:*:*:supported_preview:*:*:* | bind | == None | == 9.16.21 |
| cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:* | bind | >= 9.17.0 | < 9.17.19 |

Vulnerable and fixed packages

| Source package | Branch | Version | Maintainer | Status |
|---|---|---|---|---|
| bind | 3.14-main | 9.16.20-r1 | None | possibly vulnerable |
| bind | 3.13-main | 9.16.20-r1 | None | possibly vulnerable |
| bind | 3.12-main | 9.16.20-r1 | None | possibly vulnerable |
| bind | 3.11-main | 9.16.20-r1 | None | possibly vulnerable |