An assertion check can fail while answering queries for DNAME records that require the DNAME to be processed to resolve itself
CVE-2021-25215

7.5HIGH

Key Information:

Vendor
Isc
Status
Bind9
Vendor
CVE Published:
29 April 2021

Badges

👾 Exploit Exists

Summary

In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the flaw described above, the named process will terminate due to a failed assertion check. The vulnerability affects all currently maintained BIND 9 branches (9.11, 9.11-S, 9.16, 9.16-S, 9.17) as well as all other versions of BIND 9.

Affected Version(s)

BIND9 Open Source Branches 9.0 through 9.11 9.0.0 through versions before 9.11.30

BIND9 Open Source Branches 9.12 through 9.16 9.12.0 through versions before 9.16.14

BIND9 Supported Preview Branches 9.9-S through 9.11-S 9.9.3-S1 through versions before 9.11.30-S1

References

https://kb.isc.org/v1/docs/cve-2021-25215
x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2021/04/29/1
mailing-listx_refsource_MLIST
http://www.openwall.com/lists/oss-security/2021/04/29/2
mailing-listx_refsource_MLIST

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

ISC would like to thank Siva Kakarla for bringing this vulnerability to our attention.
.