CVE-2021-25214

CWE-617 — Reachable Assertion9 documents8 sources

Severity

6.5MEDIUM

EPSS

0.8%

top 26.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

ISC Bind Siemens Sinec Infrastructure Network Services ISC Bind9 +2 more

Timeline

PublishedApr 29

Latest updateSep 8

Description

In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a malformed IXFR triggering the flaw described above, the named process will terminate due to a failed assertion the next time the transferred secondary zone is refreshed.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages5 packages

▶NVDisc/bind9.9.3 — 9.11.31+20

▶Debianbind9< 1:9.16.15-1+3

▶Ubuntubind9< 1:9.10.3.dfsg.P4-8ubuntu1.19+2

▶CVEListV5isc/bind96 versions+5

▶NVDsiemens/sinec_infrastructure_network_services< 1.0.1.1

Also affects: Debian Linux 10.0, 9.0, Fedora 33, 34

Patches

Patch: cert-portal.siemens.com ↗Patch: cert-portal.siemens.com ↗

🔴Vulnerability Details

GHSA

GHSA-pqmv-mqwc-wmr3: In BIND 9↗2022-05-24

▶

OSV

bind9 vulnerabilities↗2021-04-29

▶

CVEList

A broken inbound incremental zone update (IXFR) can cause named to terminate unexpectedly↗2021-04-29

▶

OSV

CVE-2021-25214: In BIND 9↗2021-04-29

▶

📋Vendor Advisories

Ubuntu

Bind vulnerabilities↗2025-09-08

▶

Red Hat

bind: Broken inbound incremental zone update (IXFR) can cause named to terminate unexpectedly↗2021-04-28

▶

Microsoft

A broken inbound incremental zone update (IXFR) can cause named to terminate unexpectedly↗2021-04-13

▶

Debian

CVE-2021-25214: bind9 - In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9...↗2021

▶