CVE-2021-25214
MEDIUMBIND 9.8.5-9.8.8, 9.9.3-9.11.29, 9.12.0-9.16.13, 9.17.0-9.17.11 - DoS via Malformed IXFR
Title source: llmDescription
In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a malformed IXFR triggering the flaw described above, the named process will terminate due to a failed assertion the next time the transferred secondary zone is refreshed.
References (11)
Core 11
Core References
Vendor Advisory x_refsource_confirm
https://kb.isc.org/v1/docs/cve-2021-25214
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2021/04/29/1
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2021/04/29/2
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2021/04/29/3
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2021/04/29/4
Third Party Advisory vendor-advisory
x_refsource_debian
https://www.debian.org/security/2021/dsa-4909
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2021/05/msg00001.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VEC2XG4Q2ODTN2C4CGXEIXU3EUTBMK7L/
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZDSRPCJQ7MZC6CENH5PO3VQOFI7VSWBE/
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20210521-0006/
Patch, Third Party Advisory x_refsource_confirm
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
Scores
CVSS v3
6.5
EPSS
0.0075
EPSS Percentile
73.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-617
Status
published
Products (34)
debian/debian_linux
9.0
debian/debian_linux
10.0
fedoraproject/fedora
33
fedoraproject/fedora
34
isc/bind
9.9.3 s1
isc/bind
9.9.12 s1
isc/bind
9.9.13 s1
isc/bind
9.10.5 s1
isc/bind
9.10.7 s1
isc/bind
9.11.3 s1
... and 24 more
Published
Apr 29, 2021
Tracked Since
Feb 18, 2026