5.3

CVE-2021-25219

In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a flaw in response processing can cause degradation in BIND resolver performance. The way the lame cache is currently designed makes it possible for its internal data structures to grow almost infinitely, which may cause significant delays in client query processing.

Data is provided by the National Vulnerability Database (NVD)
IscBind SwEdition- Version >= 9.3.0 < 9.11.36
IscBind SwEdition- Version >= 9.12.0 < 9.16.22
IscBind SwEdition- Version >= 9.17.0 < 9.17.19
IscBind Version9.9.3 Updates1 SwEditionsupported_preview
IscBind Version9.9.12 Updates1 SwEditionsupported_preview
IscBind Version9.9.13 Updates1 SwEditionsupported_preview
IscBind Version9.10.5 Updates1 SwEditionsupported_preview
IscBind Version9.10.7 Updates1 SwEditionsupported_preview
IscBind Version9.11.3 Updates1 SwEditionsupported_preview
IscBind Version9.11.5 Updates3 SwEditionsupported_preview
IscBind Version9.11.5 Updates5 SwEditionsupported_preview
IscBind Version9.11.5 Updates6 SwEditionsupported_preview
IscBind Version9.11.6 Updates1 SwEditionsupported_preview
IscBind Version9.11.7 Updates1 SwEditionsupported_preview
IscBind Version9.11.8 Updates1 SwEditionsupported_preview
IscBind Version9.11.12 Updates1 SwEditionsupported_preview
IscBind Version9.11.21 Updates1 SwEditionsupported_preview
IscBind Version9.11.27 Updates1 SwEditionsupported_preview
IscBind Version9.11.29 Updates1 SwEditionsupported_preview
IscBind Version9.11.35 Updates1 SwEditionsupported_preview
IscBind Version9.16.8 Updates1 SwEditionsupported_preview
IscBind Version9.16.11 Updates1 SwEditionsupported_preview
IscBind Version9.16.13 Updates1 SwEditionsupported_preview
IscBind Version9.16.21 Updates1 SwEditionsupported_preview
DebianDebian Linux Version9.0
DebianDebian Linux Version10.0
DebianDebian Linux Version11.0
FedoraprojectFedora Version33
FedoraprojectFedora Version34
FedoraprojectFedora Version35
NetappH300s Firmware Version-
   NetappH300s Version-
NetappH500s Firmware Version-
   NetappH500s Version-
NetappH700s Firmware Version-
   NetappH700s Version-
NetappH300e Firmware Version-
   NetappH300e Version-
NetappH500e Firmware Version-
   NetappH500e Version-
NetappH700e Firmware Version-
   NetappH700e Version-
NetappH410s Firmware Version-
   NetappH410s Version-
NetappH410c Firmware Version-
   NetappH410c Version-
NetappCloud Backup Version-
OracleHTTP Server Version12.2.1.3.0
OracleHTTP Server Version12.2.1.4.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.52% 0.655
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
security-officer@isc.org 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L