CVE-2021-25218

CWE-617 — Reachable Assertion6 documents6 sources

Severity

7.5HIGH

EPSS

0.6%

top 30.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

ISC Bind9 Fedoraproject Fedora ISC Bind

Timeline

PublishedAug 18

Latest updateMay 24

Description

In BIND 9.16.19, 9.17.16. Also, version 9.16.19-S1 of BIND Supported Preview Edition When a vulnerable version of named receives a query under the circumstances described above, the named process will terminate due to a failed assertion check. The vulnerability affects only BIND 9 releases 9.16.19, 9.17.16, and release 9.16.19-S1 of the BIND Supported Preview Edition.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶Alpinebind< 9.16.20-r0+12

▶NVDisc/bind9.16.19, 9.17.16+1

▶CVEListV5isc/bind9Development Branch 9.17.16, Stable Branch 9.16.19, Supported Preview Edition 9.16.19-S1+2

Also affects: Fedora 34

Patches

Patch: www.openwall.com ↗Patch: www.openwall.com ↗Patch: www.openwall.com ↗

🔴Vulnerability Details

GHSA

GHSA-cc8x-chx9-c63q: In BIND 9↗2022-05-24

▶

OSV

CVE-2021-25218: In BIND 9↗2021-08-18

▶

CVEList

A too-strict assertion check could be triggered when responses in BIND 9.16.19 and 9.17.16 require UDP fragmentation if RRL is in use↗2021-08-18

▶

📋Vendor Advisories

Red Hat

bind: Too strict assertion check could be triggered when responses require UDP fragmentation if RRL is in use↗2021-08-18

▶

Debian

CVE-2021-25218: bind9 - In BIND 9.16.19, 9.17.16. Also, version 9.16.19-S1 of BIND Supported Preview Edi...↗2021

▶