A too-strict assertion check could be triggered when responses in BIND 9.16.19 and 9.17.16 require UDP fragmentation if RRL is in use

CVE-2021-25218

7.5HIGH

Key Information

Vendor
Isc
Status
Bind9
Vendor
CVE Published:
18 August 2021

Badges

๐Ÿ‘พ Exploit Exists

Summary

In BIND 9.16.19, 9.17.16. Also, version 9.16.19-S1 of BIND Supported Preview Edition When a vulnerable version of named receives a query under the circumstances described above, the named process will terminate due to a failed assertion check. The vulnerability affects only BIND 9 releases 9.16.19, 9.17.16, and release 9.16.19-S1 of the BIND Supported Preview Edition.

Affected Version(s)

BIND9 Stable Branch 9.16.19

BIND9 Development Branch 9.17.16

BIND9 Supported Preview Edition 9.16.19-S1

References

https://kb.isc.org/v1/docs/cve-2021-25218
x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2021/08/18/3
mailing-listx_refsource_MLIST
http://www.openwall.com/lists/oss-security/2021/08/20/2
mailing-listx_refsource_MLIST

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database
.