Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact
447
VMScore

CVE-2021-25215

Published: 29/04/2021 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 447
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the flaw described above, the named process will terminate due to a failed assertion check. The vulnerability affects all currently maintained BIND 9 branches (9.11, 9.11-S, 9.16, 9.16-S, 9.17) as well as all other versions of BIND 9.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

debian debian linux 9.0

debian debian linux 10.0

isc bind 9.11.7

isc bind 9.11.3

isc bind 9.11.6

isc bind 9.10.5

isc bind 9.11.5

isc bind 9.9.3

isc bind 9.10.7

isc bind 9.11.12

isc bind 9.11.8

isc bind 9.9.12

isc bind 9.9.13

isc bind 9.11.21

isc bind 9.16.8

isc bind 9.16.11

isc bind 9.11.27

isc bind 9.16.13

isc bind 9.11.29

isc bind

fedoraproject fedora 33

fedoraproject fedora 34

netapp cloud backup -

netapp active iq unified manager -

netapp h300s firmware -

netapp h500s firmware -

netapp h700s firmware -

netapp h300e firmware -

netapp h500e firmware -

netapp h700e firmware -

netapp h410s firmware -

netapp a250 firmware -

netapp 500f firmware -

oracle tekelec platform distribution

siemens sinec infrastructure network services

Vendor Advisories

Red Hat: Moderate: OpenShift Container Platform 4.10.3 security update
Synopsis Moderate: OpenShift Container Platform 4103 security update Type/Severity Security Advisory: Moderate Topic Red Hat OpenShift Container Platform release 4103 is now available withupdates to packages and images that fix several bugs and add enhancementsRed Hat Product Security has rated this update as having a security impact of ...
Debian CVElist Bug Report Logs: bind9: CVE-2021-25215
Debian Bug report logs - #987742 bind9: CVE-2021-25215 Package: src:bind9; Maintainer for src:bind9 is Debian DNS Team <team+dns@trackerdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 28 Apr 2021 20:48:01 UTC Severity: grave Tags: security, upstream Found in version bind9/1:91613-1 ...
Debian Security Advisories: DSA-4909-1 bind9 -- security update
Several vulnerabilities were discovered in BIND, a DNS server implementation CVE-2021-25214 Greg Kuechle discovered that a malformed incoming IXFR transfer could trigger an assertion failure in named, resulting in denial of service CVE-2021-25215 Siva Kakarla discovered that named could crash when a DNAME record placed in the ...
Amazon Linux 2: ALAS2-2021-1635
A flaw was found in bind The way DNAME records are processed may trigger the same RRset to the ANSWER section to be added more than once which causes an assertion check to fail The highest threat from this flaw is to system availability (CVE-2021-25215) ...
Amazon Linux AMI: ALAS-2021-1508
A flaw was found in bind The way DNAME records are processed may trigger the same RRset to the ANSWER section to be added more than once which causes an assertion check to fail The highest threat from this flaw is to system availability (CVE-2021-25215) ...
Red Hat: CVE-2021-25215
A flaw was found in bind The way DNAME records are processed may trigger the same RRset to the ANSWER section to be added more than once which causes an assertion check to fail The highest threat from this flaw is to system availability ...
Arch Linux Issues:
In BIND 900 -> 91129, 9120 -> 91613, and versions BIND 993-S1 -> 91129-S1 and 9168-S1 -> 91613-S1 of BIND Supported Preview Edition, as well as release versions 9170 -> 91711 of the BIND 917 development branch, when a vulnerable version of named receives a query for a record triggering the flaw described above, t ...

ICS Advisories

Siemens SINEC INS
Critical Infrastructure Sectors: Energy

Mailing Lists

Full Disclosure: ISC discloses three BIND vulnerabilities (CVE-2021-25214, CVE-2021-25215, and CVE-2021-25216)
On April 28, 2021, we (Internet Systems Consortium) disclosed three vulnerabilities affecting our BIND 9 software: CVE-2021-25214: A broken inbound incremental zone update (IXFR) can cause named to terminate unexpectedly kbiscorg/docs/cve-2021-25214 CVE-2021-25215: An assertion check can fail while answering queries for D ...
Full Disclosure: Re: ISC discloses three BIND vulnerabilities (CVE-2021-25214, CVE-2021-25215, and CVE-2021-25216)
Hi Ariande, BIND 917x was using the system SPNEGO since 9172 (I think) Also for older versions, it should be enough to use --disable-isc-spnego if you can’t patch it (that’s what I am doing for Debian buster) It just won’t work with Heimdal krb5, but it compiles just fine with MIT krb5 Cheers, Ondrej -- Ondřej Surý (He/Him) ondr ...
Full Disclosure: Re: ISC discloses three BIND vulnerabilities (CVE-2021-25214, CVE-2021-25215, and CVE-2021-25216)
Hello, On Wed, 28 Apr 2021, Michael McNally wrote: Thanks in advance for any advice you can provide on this Ariadne ...
Full Disclosure: Re: ISC discloses three BIND vulnerabilities (CVE-2021-25214, CVE-2021-25215, and CVE-2021-25216)
Hello, On Thu, 29 Apr 2021, Ondřej Surý wrote: Yeah, we've always built with --disable-isc-spnego, so no problem there Ariadne ...

Recent Articles

Apple patches iOS, macOS, iPadOS, watchOS, kitchen-sinkOS bugs said to be exploited in the wild
The Register • Iain Thomson in San Francisco • 04 May 2021

Plus: Micro-op CPU caches abused to leak data, and more

In Brief Apple on Monday patched security flaws in its software said to have been exploited in the wild by miscreants to hijack gear. WebKit, fixed in macOS Big Sur 11.3.1, can be tricked into executing arbitrary code by processing malicious web content – a bad webpage can take over the browser, in other words. "Apple is aware of a report that this issue may have been actively exploited," it said in its advisory. Specifically, there are two bugs: memory corruption flaw CVE-2021-30665, which wa...

Read more...

References

CWE-617https://kb.isc.org/v1/docs/cve-2021-25215http://www.openwall.com/lists/oss-security/2021/04/29/1http://www.openwall.com/lists/oss-security/2021/04/29/2http://www.openwall.com/lists/oss-security/2021/04/29/3http://www.openwall.com/lists/oss-security/2021/04/29/4https://www.debian.org/security/2021/dsa-4909https://lists.debian.org/debian-lts-announce/2021/05/msg00001.htmlhttps://security.netapp.com/advisory/ntap-20210521-0006/https://www.oracle.com/security-alerts/cpuoct2021.htmlhttps://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdfhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VEC2XG4Q2ODTN2C4CGXEIXU3EUTBMK7L/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZDSRPCJQ7MZC6CENH5PO3VQOFI7VSWBE/https://access.redhat.com/errata/RHSA-2022:0056https://nvd.nist.govhttps://www.cisa.gov/uscert/ics/advisories/icsa-22-069-09https://www.debian.org/security/2021/dsa-4909
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
privilegeCVE-2022-48762CVE-2022-48751CVE-2024-37079CVE-2024-30848LFIman-in-the-middleCVE-2022-48736CVE-2024-30103
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook