CVE-2021-25215
An assertion check can fail while answering queries for DNAME records that require the DNAME to be processed to resolve itself
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the flaw described above, the named process will terminate due to a failed assertion check. The vulnerability affects all currently maintained BIND 9 branches (9.11, 9.11-S, 9.16, 9.16-S, 9.17) as well as all other versions of BIND 9.
En BIND versiones 9.0.0 posteriores a 9.11.29, versiones 9.12.0 posteriores a 9.16.13, y BIND versiones 9.9.3-S1 posteriores a 9.11.29-S1 y versiones 9.16.8-S1 posteriores a 9.16.13-S1 de BIND Supported Preview Edition, así como versiones de lanzamiento 9.17.0 posteriores a 9.17.11 de la rama de desarrollo de BIND versión 9.17, cuando una versión vulnerable de named recibe una consulta para un registro que desencadena un fallo descrito anteriormente, el proceso named terminará debido a un comprobación de afirmación fallido. La vulnerabilidad afecta a todas las ramas de BIND 9 que se mantienen actualmente (9.11, 9.11-S, 9.16, 9.16-S, 9.17), así como a todas las demás versiones de BIND 9
A flaw was found in bind. The way DNAME records are processed may trigger the same RRset to the ANSWER section to be added more than once which causes an assertion check to fail. The highest threat from this flaw is to system availability.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-01-15 CVE Reserved
- 2021-04-29 CVE Published
- 2024-05-31 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-617: Reachable Assertion
CAPEC
References (14)
URL | Tag | Source |
---|---|---|
http://www.openwall.com/lists/oss-security/2021/04/29/1 | Mailing List | |
http://www.openwall.com/lists/oss-security/2021/04/29/2 | Mailing List | |
http://www.openwall.com/lists/oss-security/2021/04/29/3 | Mailing List | |
http://www.openwall.com/lists/oss-security/2021/04/29/4 | Mailing List | |
https://lists.debian.org/debian-lts-announce/2021/05/msg00001.html | Mailing List | |
https://security.netapp.com/advisory/ntap-20210521-0006 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf | 2023-11-07 | |
https://www.oracle.com/security-alerts/cpuoct2021.html | 2023-11-07 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Netapp Search vendor "Netapp" | H300s Firmware Search vendor "Netapp" for product "H300s Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | H300s Search vendor "Netapp" for product "H300s" | - | - |
Safe
|
Netapp Search vendor "Netapp" | H500s Firmware Search vendor "Netapp" for product "H500s Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | H500s Search vendor "Netapp" for product "H500s" | - | - |
Safe
|
Netapp Search vendor "Netapp" | H700s Firmware Search vendor "Netapp" for product "H700s Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | H700s Search vendor "Netapp" for product "H700s" | - | - |
Safe
|
Netapp Search vendor "Netapp" | H300e Firmware Search vendor "Netapp" for product "H300e Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | H300e Search vendor "Netapp" for product "H300e" | - | - |
Safe
|
Netapp Search vendor "Netapp" | H500e Firmware Search vendor "Netapp" for product "H500e Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | H500e Search vendor "Netapp" for product "H500e" | - | - |
Safe
|
Netapp Search vendor "Netapp" | H700e Firmware Search vendor "Netapp" for product "H700e Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | H700e Search vendor "Netapp" for product "H700e" | - | - |
Safe
|
Netapp Search vendor "Netapp" | H410s Firmware Search vendor "Netapp" for product "H410s Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | H410s Search vendor "Netapp" for product "H410s" | - | - |
Safe
|
Netapp Search vendor "Netapp" | A250 Firmware Search vendor "Netapp" for product "A250 Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | A250 Search vendor "Netapp" for product "A250" | - | - |
Safe
|
Netapp Search vendor "Netapp" | 500f Firmware Search vendor "Netapp" for product "500f Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | 500f Search vendor "Netapp" for product "500f" | - | - |
Safe
|
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||
Isc Search vendor "Isc" | Bind Search vendor "Isc" for product "Bind" | >= 9.0.0 < 9.11.31 Search vendor "Isc" for product "Bind" and version " >= 9.0.0 < 9.11.31" | - |
Affected
| ||||||
Isc Search vendor "Isc" | Bind Search vendor "Isc" for product "Bind" | >= 9.12.0 < 9.16.15 Search vendor "Isc" for product "Bind" and version " >= 9.12.0 < 9.16.15" | - |
Affected
| ||||||
Isc Search vendor "Isc" | Bind Search vendor "Isc" for product "Bind" | >= 9.17.0 < 9.17.12 Search vendor "Isc" for product "Bind" and version " >= 9.17.0 < 9.17.12" | - |
Affected
| ||||||
Isc Search vendor "Isc" | Bind Search vendor "Isc" for product "Bind" | 9.9.3 Search vendor "Isc" for product "Bind" and version "9.9.3" | s1, supported_preview |
Affected
| ||||||
Isc Search vendor "Isc" | Bind Search vendor "Isc" for product "Bind" | 9.9.12 Search vendor "Isc" for product "Bind" and version "9.9.12" | s1, supported_preview |
Affected
| ||||||
Isc Search vendor "Isc" | Bind Search vendor "Isc" for product "Bind" | 9.9.13 Search vendor "Isc" for product "Bind" and version "9.9.13" | s1, supported_preview |
Affected
| ||||||
Isc Search vendor "Isc" | Bind Search vendor "Isc" for product "Bind" | 9.10.5 Search vendor "Isc" for product "Bind" and version "9.10.5" | s1, supported_preview |
Affected
| ||||||
Isc Search vendor "Isc" | Bind Search vendor "Isc" for product "Bind" | 9.10.7 Search vendor "Isc" for product "Bind" and version "9.10.7" | s1, supported_preview |
Affected
| ||||||
Isc Search vendor "Isc" | Bind Search vendor "Isc" for product "Bind" | 9.11.3 Search vendor "Isc" for product "Bind" and version "9.11.3" | s1, supported_preview |
Affected
| ||||||
Isc Search vendor "Isc" | Bind Search vendor "Isc" for product "Bind" | 9.11.5 Search vendor "Isc" for product "Bind" and version "9.11.5" | s3, supported_preview |
Affected
| ||||||
Isc Search vendor "Isc" | Bind Search vendor "Isc" for product "Bind" | 9.11.5 Search vendor "Isc" for product "Bind" and version "9.11.5" | s5, supported_preview |
Affected
| ||||||
Isc Search vendor "Isc" | Bind Search vendor "Isc" for product "Bind" | 9.11.5 Search vendor "Isc" for product "Bind" and version "9.11.5" | s6, supported_preview |
Affected
| ||||||
Isc Search vendor "Isc" | Bind Search vendor "Isc" for product "Bind" | 9.11.6 Search vendor "Isc" for product "Bind" and version "9.11.6" | s1, supported_preview |
Affected
| ||||||
Isc Search vendor "Isc" | Bind Search vendor "Isc" for product "Bind" | 9.11.7 Search vendor "Isc" for product "Bind" and version "9.11.7" | s1, supported_preview |
Affected
| ||||||
Isc Search vendor "Isc" | Bind Search vendor "Isc" for product "Bind" | 9.11.8 Search vendor "Isc" for product "Bind" and version "9.11.8" | s1, supported_preview |
Affected
| ||||||
Isc Search vendor "Isc" | Bind Search vendor "Isc" for product "Bind" | 9.11.12 Search vendor "Isc" for product "Bind" and version "9.11.12" | s1, supported_preview |
Affected
| ||||||
Isc Search vendor "Isc" | Bind Search vendor "Isc" for product "Bind" | 9.11.21 Search vendor "Isc" for product "Bind" and version "9.11.21" | s1, supported_preview |
Affected
| ||||||
Isc Search vendor "Isc" | Bind Search vendor "Isc" for product "Bind" | 9.11.27 Search vendor "Isc" for product "Bind" and version "9.11.27" | s1, supported_preview |
Affected
| ||||||
Isc Search vendor "Isc" | Bind Search vendor "Isc" for product "Bind" | 9.11.29 Search vendor "Isc" for product "Bind" and version "9.11.29" | s1, supported_preview |
Affected
| ||||||
Isc Search vendor "Isc" | Bind Search vendor "Isc" for product "Bind" | 9.16.8 Search vendor "Isc" for product "Bind" and version "9.16.8" | s1, supported_preview |
Affected
| ||||||
Isc Search vendor "Isc" | Bind Search vendor "Isc" for product "Bind" | 9.16.11 Search vendor "Isc" for product "Bind" and version "9.16.11" | s1, supported_preview |
Affected
| ||||||
Isc Search vendor "Isc" | Bind Search vendor "Isc" for product "Bind" | 9.16.13 Search vendor "Isc" for product "Bind" and version "9.16.13" | s1, supported_preview |
Affected
| ||||||
Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 33 Search vendor "Fedoraproject" for product "Fedora" and version "33" | - |
Affected
| ||||||
Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 34 Search vendor "Fedoraproject" for product "Fedora" and version "34" | - |
Affected
| ||||||
Netapp Search vendor "Netapp" | Active Iq Unified Manager Search vendor "Netapp" for product "Active Iq Unified Manager" | - | vmware_vsphere |
Affected
| ||||||
Netapp Search vendor "Netapp" | Cloud Backup Search vendor "Netapp" for product "Cloud Backup" | - | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Tekelec Platform Distribution Search vendor "Oracle" for product "Tekelec Platform Distribution" | >= 7.4.0 <= 7.7.1 Search vendor "Oracle" for product "Tekelec Platform Distribution" and version " >= 7.4.0 <= 7.7.1" | - |
Affected
| ||||||
Siemens Search vendor "Siemens" | Sinec Infrastructure Network Services Search vendor "Siemens" for product "Sinec Infrastructure Network Services" | < 1.0.1.1 Search vendor "Siemens" for product "Sinec Infrastructure Network Services" and version " < 1.0.1.1" | - |
Affected
|