CVE-2021-25215

EPSS 1.77%
Published 29.04.2021 01:15:08
Last modified 21.11.2024 05:54:33
Source security-officer@isc.org
Teams watchlist Login
Open Login

In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the flaw described above, the named process will terminate due to a failed assertion check. The vulnerability affects all currently maintained BIND 9 branches (9.11, 9.11-S, 9.16, 9.16-S, 9.17) as well as all other versions of BIND 9.

Affected products Warnungen 0 Metrics 4 CWE 1 References 15

Data is provided by the National Vulnerability Database (NVD)

Debian ≫ Debian Linux Version9.0

Debian ≫ Debian Linux Version10.0

Isc ≫ Bind SwEdition- Version >= 9.0.0 < 9.11.31

Isc ≫ Bind SwEdition- Version >= 9.12.0 < 9.16.15

Isc ≫ Bind SwEdition- Version >= 9.17.0 < 9.17.12

Isc ≫ Bind Version9.9.3 Updates1 SwEditionsupported_preview

Isc ≫ Bind Version9.9.12 Updates1 SwEditionsupported_preview

Isc ≫ Bind Version9.9.13 Updates1 SwEditionsupported_preview

Isc ≫ Bind Version9.10.5 Updates1 SwEditionsupported_preview

Isc ≫ Bind Version9.10.7 Updates1 SwEditionsupported_preview

Isc ≫ Bind Version9.11.3 Updates1 SwEditionsupported_preview

Isc ≫ Bind Version9.11.5 Updates3 SwEditionsupported_preview

Isc ≫ Bind Version9.11.5 Updates5 SwEditionsupported_preview

Isc ≫ Bind Version9.11.5 Updates6 SwEditionsupported_preview

Isc ≫ Bind Version9.11.6 Updates1 SwEditionsupported_preview

Isc ≫ Bind Version9.11.7 Updates1 SwEditionsupported_preview

Isc ≫ Bind Version9.11.8 Updates1 SwEditionsupported_preview

Isc ≫ Bind Version9.11.12 Updates1 SwEditionsupported_preview

Isc ≫ Bind Version9.11.21 Updates1 SwEditionsupported_preview

Isc ≫ Bind Version9.11.27 Updates1 SwEditionsupported_preview

Isc ≫ Bind Version9.11.29 Updates1 SwEditionsupported_preview

Isc ≫ Bind Version9.16.8 Updates1 SwEditionsupported_preview

Isc ≫ Bind Version9.16.11 Updates1 SwEditionsupported_preview

Isc ≫ Bind Version9.16.13 Updates1 SwEditionsupported_preview

Fedoraproject ≫ Fedora Version33

Fedoraproject ≫ Fedora Version34

Netapp ≫ Active Iq Unified Manager Version- SwPlatformvmware_vsphere

Netapp ≫ Cloud Backup Version-

Netapp ≫ H300s Firmware Version-

Netapp ≫ H300s Version-

Netapp ≫ H500s Firmware Version-

Netapp ≫ H500s Version-

Netapp ≫ H700s Firmware Version-

Netapp ≫ H700s Version-

Netapp ≫ H300e Firmware Version-

Netapp ≫ H300e Version-

Netapp ≫ H500e Firmware Version-

Netapp ≫ H500e Version-

Netapp ≫ H700e Firmware Version-

Netapp ≫ H700e Version-

Netapp ≫ H410s Firmware Version-

Netapp ≫ H410s Version-

Netapp ≫ A250 Firmware Version-

Netapp ≫ A250 Version-

Netapp ≫ 500f Firmware Version-

Netapp ≫ 500f Version-

Oracle ≫ Tekelec Platform Distribution Version >= 7.4.0 <= 7.7.1

Siemens ≫ Sinec Infrastructure Network Services Version < 1.0.1.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.77%	0.821

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P
security-officer@isc.org	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-617 Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

https://www.oracle.com/security-alerts/cpuoct2021.html

Patch

Third Party Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf

Patch

Third Party Advisory

http://www.openwall.com/lists/oss-security/2021/04/29/1

Third Party Advisory

Mailing List

http://www.openwall.com/lists/oss-security/2021/04/29/2

Third Party Advisory

Mailing List