VDB
DEBIAN-CVE-2021-25219
DEBIAN-CVE-2021-25219
PUBLISHED
CVSS 5.300000190734863 MEDIUM
In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a flaw in response processing can cause degradation in BIND resolver performance. The way the lame cache is currently designed makes it possible for its internal data structures to grow almost infinitely, which may cause significant delays in client query processing.
Risk Scores
CVSS v3.1
5.300000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:13 | bind9 | 0, 0, 0 |
| Debian:11 | bind9 | *, 1:9.16.21-1+hurd.1, 1:9.16.22-1~deb11u1~bpo10+1 |
| Debian:14 | bind9 | 0, 0, 0 |
| Debian:12 | bind9 | 0, 0, 0 |
Timeline
- Oct 27, 2021 CVE Published
- Apr 28, 2026 CVE Updated