CVE-2021-25219
Published: Oct 27, 2021
Modified: Sep 16, 2024
CVSS v3.1
5.3
Description
In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a flaw in response processing can cause degradation in BIND resolver performance. The way the lame cache is currently designed makes it possible for its internal data structures to grow almost infinitely, which may cause significant delays in client query processing.
| Vendor | Product | Versions |
|---|---|---|
| ISC | BIND9 | Open Source Branches 9.3 through 9.11: affected 9.3.0 through versions before 9.11.36 |
| ISC | BIND9 | Open Source Branches 9.12 through 9.16: affected 9.12.0 through versions before 9.16.22 |
| ISC | BIND9 | Supported Preview Branches 9.9-S through 9.11-S: affected 9.9.3-S1 through versions before 9.11.36-S1 |
| ISC | BIND9 | Supported Preview Branch 9.16-S: affected 9.16.8-S1 through versions before 9.16.22-S1 |
| ISC | BIND9 | Development Branch 9.17: affected 9.17.0 through versions before 9.17.19 |
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: Low