CVE-2021-25220

Severity: 6.8 MEDIUM
EPSS: 0.1% (top 71.55%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Mar 23
Latest update: Jul 15

Description

Affected versions:
BIND 9.11.0 -> 9.11.36
BIND 9.12.0 -> 9.16.26
BIND 9.17.0 -> 9.18.0
BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1, 9.16.8-S1 -> 9.16.26-S1

Versions of BIND 9 earlier than those shown, back to 9.1.0 and including Supported Preview Editions, are also believed to be affected but have not been tested because they are EOL.

The issue is tracked by the vendor as "DNS forwarders - cache poisoning vulnerability". On an affected resolver the cache could become poisoned with incorrect records, leading to queries being sent to the wrong servers, which might also result in false information being returned to clients.
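As an added example (not ISC's code and not part of the original page), the following Python script classifies a `named -v` banner against the version ranges listed in the description above. It assumes the banner begins with "BIND <version>" (for example "BIND 9.16.20 (Stable Release)") and treats the "-S1" Supported Preview Editions as a separate stream with their own ranges. Anything outside the listed ranges is reported as "not-listed" rather than "fixed", because this page does not state the fixed versions; the sample banners at the bottom are constructed, not captured from real hosts.

```python
import re
import shutil
import subprocess

# Affected ranges copied from the description above (bounds inclusive).
# Stable releases and "-S" Supported Preview Editions are separate streams.
AFFECTED_RANGES = {
    "stable": [
        ((9, 11, 0), (9, 11, 36)),
        ((9, 12, 0), (9, 16, 26)),
        ((9, 17, 0), (9, 18, 0)),
    ],
    "preview": [
        ((9, 11, 4), (9, 11, 36)),
        ((9, 16, 8), (9, 16, 26)),
    ],
}

# Releases older than the listed ranges, back to 9.1.0, are described as
# "believed to be affected but not tested" because they are EOL.
UNTESTED_FLOOR = (9, 1, 0)

# Assumption: `named -v` prints a banner containing "9.x.y" or "9.x.y-S1".
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)(?:-S(\d+))?")


def parse_named_version(banner):
    """Return ((major, minor, patch), is_preview) from a `named -v` banner."""
    m = VERSION_RE.search(banner)
    if m is None:
        raise ValueError(f"no BIND version found in {banner!r}")
    major, minor, patch, preview_tag = m.groups()
    return (int(major), int(minor), int(patch)), preview_tag is not None


def classify(banner):
    """Map a banner to 'affected', 'eol-untested' or 'not-listed'.

    'not-listed' means the version is outside every range the description
    gives; it is not a claim that the build is fixed (check vendor advisories).
    """
    version, is_preview = parse_named_version(banner)
    ranges = AFFECTED_RANGES["preview" if is_preview else "stable"]
    for low, high in ranges:
        if low <= version <= high:
            return "affected"
    oldest_listed = min(low for low, _ in ranges)
    if UNTESTED_FLOOR <= version < oldest_listed:
        return "eol-untested"
    return "not-listed"


def local_named_banner():
    """Return the banner of the locally installed named, or None if absent."""
    path = shutil.which("named")
    if path is None:
        return None
    out = subprocess.run([path, "-v"], capture_output=True, text=True, check=False)
    return out.stdout.strip() or None


# Constructed sample banners (not captured from real hosts) for offline use.
SAMPLE_BANNERS = [
    "BIND 9.16.20 (Stable Release)",
    "BIND 9.11.36-S1 (Supported Preview Edition)",
    "BIND 9.18.0 (Stable Release)",
    "BIND 9.18.1 (Stable Release)",
    "BIND 9.10.8 (Extended Support Version)",
]

if __name__ == "__main__":
    local = local_named_banner()
    banners = [local] if local else SAMPLE_BANNERS
    for b in banners:
        print(f"{classify(b):13} {b}")
```

Run it on a resolver host to classify the installed `named`; without a local `named` it falls back to the constructed samples. Distribution packages that backport the fix keep the old upstream version string, so for Debian, Ubuntu and Fedora builds compare the package version against the vendor advisories listed below rather than trusting the banner alone.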

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N
Exploitability: 2.3 | Impact: 4.0

Affected Packages (6 packages)

Source      Package        Range                              Additional entries
NVD         isc/bind       9.11.0 .. 9.11.37                  +4
Debian      bind9          < 1:9.16.27-1~deb11u1              +3
Ubuntu      bind9          < 1:9.11.3+dfsg-1ubuntu1.17        +3
CVEList V5  isc/bind       6 versions                         +5
NVD         juniper/junos  < 19.3                             +11

Also affects: Fedora 34, 35, 36

Patches

🔴 Vulnerability Details (5)

GHSA     GHSA-v8rf-mvwx-cx29: BIND 9                        2022-03-24
CVEList  DNS forwarders - cache poisoning vulnerability     2022-03-23
OSV      CVE-2021-25220: BIND 9                             2022-03-23
OSV      bind9 vulnerabilities                              2022-03-17
OSV      bind9 vulnerability                                2022-03-17

📋 Vendor Advisories (6)

Oracle     Oracle Communications Risk Matrix: Virtual Network Function Manager (BIND) — CVE-2021-25220   2023-07-15
Ubuntu     Bind vulnerabilities                                   2022-03-17
Ubuntu     Bind vulnerability                                     2022-03-17
Red Hat    bind: DNS forwarders - cache poisoning vulnerability   2022-03-16
Microsoft  DNS forwarders - cache poisoning vulnerability         2022-03-08