CVE-2021-25219 — Vulnetix

Try Vulnetix Request Demo

CVE-2021-25219 PUBLISHED

In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a flaw in response processing can cause degradation in BIND resolver performance. The way the lame cache is currently designed makes it possible for its internal data structures to grow almost infinitely, which may cause significant delays in client query processing.

EPSS 0.96% · 76.3th percentile

Risk Scores

EPSS Score

0.96%

76.3th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:22.04:LTS	bind9	1:9.16.15-1ubuntu1, 0
Ubuntu:18.04:LTS	bind9	1:9.11.3+dfsg-1ubuntu1.15, 1:9.11.3+dfsg-1ubuntu1.14, 1:9.11.3+dfsg-1ubuntu1.13
Ubuntu:Pro:14.04:LTS	bind9	1:9.9.5.dfsg-3ubuntu0.17, 1:9.9.5.dfsg-3ubuntu0.18, 0
Ubuntu:20.04:LTS	bind9	1:9.11.5.P4+dfsg-5.1ubuntu3, 1:9.11.5.P4+dfsg-5.1ubuntu4, 1:9.11.5.P4+dfsg-5.1ubuntu5
Ubuntu:Pro:16.04:LTS	bind9	1:9.10.3.dfsg.P4-8, 1:9.10.3.dfsg.P4-5, 1:9.10.3.dfsg.P4-4

Timeline

Oct 27, 2021 CVE Published
Oct 28, 2021 EPSS Score
Dec 22, 2021 EPSS Score
Feb 4, 2022 EPSS Score
Feb 16, 2022 EPSS Score
Mar 9, 2022 EPSS Score
Apr 12, 2022 EPSS Score
Apr 20, 2022 EPSS Score
Jun 7, 2022 EPSS Score
Sep 26, 2022 EPSS Score
Nov 21, 2022 EPSS Score
Jan 15, 2023 EPSS Score

References

https://ubuntu.com/security/CVE-2021-25219 third-party-advisory
https://kb.isc.org/docs/cve-2021-25219 third-party-advisory
https://ubuntu.com/security/notices/USN-5126-1 vendor-advisory
https://ubuntu.com/security/notices/USN-5126-2 vendor-advisory
https://www.cve.org/CVERecord?id=CVE-2021-25219 third-party-advisory

Open in Interactive Console →