VDB

CVE-2021-25219

CVE-2021-25219 PUBLISHED

In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a flaw in response processing can cause degradation in BIND resolver performance. The way the lame cache is currently designed makes it possible for its internal data structures to grow almost infinitely, which may cause significant delays in client query processing.

EPSS 1.04% · 77.8th percentile

Risk Scores

EPSS Score
1.04%
77.8th percentile

Affected Products

VendorProductVersions
Ubuntu:22.04:LTSbind91:9.16.15-1ubuntu1, 0
Ubuntu:18.04:LTSbind9*, *, *
Ubuntu:Pro:14.04:LTSbind9*, 1:9.9.3.dfsg.P2-4ubuntu1, 1:9.9.3.dfsg.P2-4ubuntu2
Ubuntu:20.04:LTSbind91:9.16.1-0ubuntu2.1, 1:9.16.1-0ubuntu2, 1:9.16.0-1ubuntu5
Ubuntu:Pro:16.04:LTSbind91:9.9.5.dfsg-11ubuntu1, 1:9.9.5.dfsg-12, 1:9.9.5.dfsg-12.1

Exploit Intelligence

…and 8 more exploits

Timeline

  • CVE Published
  • Oct 28, 2021 EPSS Score
  • Dec 23, 2021 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Feb 17, 2022 EPSS Score
  • Mar 9, 2022 EPSS Score
  • Apr 14, 2022 EPSS Score
  • Apr 20, 2022 EPSS Score
  • Jun 9, 2022 EPSS Score
  • Sep 30, 2022 EPSS Score
  • Nov 25, 2022 EPSS Score
  • Jan 20, 2023 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›