A too-strict assertion check could be triggered when responses in BIND 9.16.19 and 9.17.16 require UDP fragmentation if RRL is in use

CVE-2021-25218

7.5HIGH

Key Information

Vendor: Isc
Status: Bind9
Vendor: CVE Published:; 18 August 2021

Badges

👾 Exploit Exists

Summary

In BIND 9.16.19, 9.17.16. Also, version 9.16.19-S1 of BIND Supported Preview Edition When a vulnerable version of named receives a query under the circumstances described above, the named process will terminate due to a failed assertion check. The vulnerability affects only BIND 9 releases 9.16.19, 9.17.16, and release 9.16.19-S1 of the BIND Supported Preview Edition.

Affected Version(s)

BIND9 = Stable Branch 9.16.19

BIND9 = Development Branch 9.17.16

BIND9 = Supported Preview Edition 9.16.19-S1

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit exists.
Aug 3, 2024
Vulnerability published.
Aug 18, 2021
Vulnerability Reserved.
Jan 15, 2021

Collectors

NVD DatabaseMitre Database