VDB
CVE-2021-25219
CVE-2021-25219
PUBLISHED
In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a flaw in response processing can cause degradation in BIND resolver performance. The way the lame cache is currently designed makes it possible for its internal data structures to grow almost infinitely, which may cause significant delays in client query processing.
EPSS 1.04% · 77.8th percentile
Risk Scores
EPSS Score
1.04%
77.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:22.04:LTS | bind9 | 1:9.16.15-1ubuntu1, 0 |
| Ubuntu:18.04:LTS | bind9 | *, *, * |
| Ubuntu:Pro:14.04:LTS | bind9 | *, 1:9.9.3.dfsg.P2-4ubuntu1, 1:9.9.3.dfsg.P2-4ubuntu2 |
| Ubuntu:20.04:LTS | bind9 | 1:9.16.1-0ubuntu2.1, 1:9.16.1-0ubuntu2, 1:9.16.0-1ubuntu5 |
| Ubuntu:Pro:16.04:LTS | bind9 | 1:9.9.5.dfsg-11ubuntu1, 1:9.9.5.dfsg-12, 1:9.9.5.dfsg-12.1 |
Exploit Intelligence
- risk_calculator.cpp (github-poc)
- risk_calculator.cpp (github-poc)
- risk_calculator.cpp (github-poc)
- risk_calculator.cpp (github-poc)
- risk_calculator.cpp (github-poc)
- risk_calculator.cpp (github-poc)
- risk_calculator.cpp (github-poc)
- risk_calculator.cpp (github-poc)
- risk_calculator.cpp (github-poc)
- risk_calculator.cpp (github-poc)
…and 8 more exploits
Timeline
- CVE Published
- Oct 28, 2021 EPSS Score
- Dec 23, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 17, 2022 EPSS Score
- Mar 9, 2022 EPSS Score
- Apr 14, 2022 EPSS Score
- Apr 20, 2022 EPSS Score
- Jun 9, 2022 EPSS Score
- Sep 30, 2022 EPSS Score
- Nov 25, 2022 EPSS Score
- Jan 20, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2021-25219 third-party-advisory
- https://kb.isc.org/docs/cve-2021-25219 third-party-advisory
- https://ubuntu.com/security/notices/USN-5126-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-5126-2 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2021-25219 third-party-advisory