Unrated severity · NVD Advisory · Published Apr 29, 2021 · Updated Sep 17, 2024
A broken inbound incremental zone update (IXFR) can cause named to terminate unexpectedly
CVE-2021-25214
Description
In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a malformed IXFR triggering the flaw described above, the named process will terminate due to a failed assertion the next time the transferred secondary zone is refreshed.
Affected products
osv-coords, 64 versions:
- pkg:apk/chainguard/bind (no CPE), range: < 0
- pkg:apk/chainguard/bind-dev (no CPE), range: < 0
- pkg:apk/chainguard/bind-dnssec-root (no CPE), range: < 0
- pkg:apk/chainguard/bind-dnssec-tools (no CPE), range: < 0
- pkg:apk/chainguard/bind-doc (no CPE), range: < 0
- pkg:apk/chainguard/bind-libs (no CPE), range: < 0
- pkg:apk/chainguard/bind-plugins (no CPE), range: < 0
- pkg:apk/chainguard/bind-tools (no CPE), range: < 0
- pkg:apk/wolfi/bind (no CPE), range: < 0
- pkg:apk/wolfi/bind-dev (no CPE), range: < 0
- pkg:apk/wolfi/bind-dnssec-root (no CPE), range: < 0
- pkg:apk/wolfi/bind-dnssec-tools (no CPE), range: < 0
- pkg:apk/wolfi/bind-doc (no CPE), range: < 0
- pkg:apk/wolfi/bind-libs (no CPE), range: < 0
- pkg:apk/wolfi/bind-plugins (no CPE), range: < 0
- pkg:apk/wolfi/bind-tools (no CPE), range: < 0
- pkg:rpm/almalinux/bind (no CPE), range: < 32:9.11.26-6.el8
- pkg:rpm/almalinux/bind-chroot (no CPE), range: < 32:9.11.26-6.el8
- pkg:rpm/almalinux/bind-devel (no CPE), range: < 32:9.11.26-6.el8
- pkg:rpm/almalinux/bind-libs (no CPE), range: < 32:9.11.26-6.el8
- pkg:rpm/almalinux/bind-libs-lite (no CPE), range: < 32:9.11.26-6.el8
- pkg:rpm/almalinux/bind-license (no CPE), range: < 32:9.11.26-6.el8
- pkg:rpm/almalinux/bind-lite-devel (no CPE), range: < 32:9.11.26-6.el8
- pkg:rpm/almalinux/bind-pkcs11 (no CPE), range: < 32:9.11.26-6.el8
- pkg:rpm/almalinux/bind-pkcs11-devel (no CPE), range: < 32:9.11.26-6.el8
- pkg:rpm/almalinux/bind-pkcs11-libs (no CPE), range: < 32:9.11.26-6.el8
- pkg:rpm/almalinux/bind-pkcs11-utils (no CPE), range: < 32:9.11.26-6.el8
- pkg:rpm/almalinux/bind-sdb (no CPE), range: < 32:9.11.26-6.el8
- pkg:rpm/almalinux/bind-sdb-chroot (no CPE), range: < 32:9.11.26-6.el8
- pkg:rpm/almalinux/bind-utils (no CPE), range: < 32:9.11.26-6.el8
- pkg:rpm/almalinux/python3-bind (no CPE), range: < 32:9.11.26-6.el8
- pkg:rpm/suse/bind&distro=HPE%20Helion%20OpenStack%208 (no CPE), range: < 9.9.9P1-63.25.1
- pkg:rpm/suse/bind&distro=SUSE%20Enterprise%20Storage%206 (no CPE), range: < 9.16.6-12.49.1
- pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOS (no CPE), range: < 9.16.6-12.49.1
- pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS (no CPE), range: < 9.16.6-12.49.1
- pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS (no CPE), range: < 9.16.6-12.49.1
- pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS (no CPE), range: < 9.16.6-12.49.1
- pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2 (no CPE), range: < 9.16.6-12.49.1
- pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3 (no CPE), range: < 9.16.6-22.7.1
- pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP2 (no CPE), range: < 9.16.6-12.49.1
- pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP3 (no CPE), range: < 9.16.6-22.7.1
- pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3 (no CPE), range: < 9.9.6P1-0.51.26.1
- pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS (no CPE), range: < 9.9.6P1-0.51.26.1
- pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL (no CPE), range: < 9.9.9P1-63.25.1
- pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCL (no CPE), range: < 9.9.9P1-63.25.1
- pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSS (no CPE), range: < 9.9.9P1-63.25.1
- pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS (no CPE), range: < 9.11.22-3.34.1
- pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 (no CPE), range: < 9.11.22-3.34.1
- pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCL (no CPE), range: < 9.16.6-12.49.1
- pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS (no CPE), range: < 9.16.6-12.49.1
- pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS (no CPE), range: < 9.16.6-12.49.1
- pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3 (no CPE), range: < 9.9.9P1-63.25.1
- pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4 (no CPE), range: < 9.11.22-3.34.1
- pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 (no CPE), range: < 9.11.22-3.34.1
- pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015 (no CPE), range: < 9.16.6-12.49.1
- pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1 (no CPE), range: < 9.16.6-12.49.1
- pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 (no CPE), range: < 9.11.22-3.34.1
- pkg:rpm/suse/bind&distro=SUSE%20Manager%20Proxy%204.0 (no CPE), range: < 9.16.6-12.49.1
- pkg:rpm/suse/bind&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.0 (no CPE), range: < 9.16.6-12.49.1
- pkg:rpm/suse/bind&distro=SUSE%20Manager%20Server%204.0 (no CPE), range: < 9.16.6-12.49.1
- pkg:rpm/suse/bind&distro=SUSE%20OpenStack%20Cloud%208 (no CPE), range: < 9.9.9P1-63.25.1
- pkg:rpm/suse/bind&distro=SUSE%20OpenStack%20Cloud%209 (no CPE), range: < 9.11.22-3.34.1
- pkg:rpm/suse/bind&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 (no CPE), range: < 9.9.9P1-63.25.1
- pkg:rpm/suse/bind&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 (no CPE), range: < 9.11.22-3.34.1
- ISC/BIND9 (v5), range: Open Source Branch 9.8, 9.8.5 through 9.8.8
Patches
No patches discovered yet.
References
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VEC2XG4Q2ODTN2C4CGXEIXU3EUTBMK7L/ (mitre; vendor-advisory; x_refsource_FEDORA)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZDSRPCJQ7MZC6CENH5PO3VQOFI7VSWBE/ (mitre; vendor-advisory; x_refsource_FEDORA)
- www.debian.org/security/2021/dsa-4909 (mitre; vendor-advisory; x_refsource_DEBIAN)
- www.openwall.com/lists/oss-security/2021/04/29/1 (mitre; mailing-list; x_refsource_MLIST)
- www.openwall.com/lists/oss-security/2021/04/29/2 (mitre; mailing-list; x_refsource_MLIST)
- www.openwall.com/lists/oss-security/2021/04/29/3 (mitre; mailing-list; x_refsource_MLIST)
- www.openwall.com/lists/oss-security/2021/04/29/4 (mitre; mailing-list; x_refsource_MLIST)
- cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf (mitre; x_refsource_CONFIRM)
- kb.isc.org/v1/docs/cve-2021-25214 (mitre; x_refsource_CONFIRM)
- lists.debian.org/debian-lts-announce/2021/05/msg00001.html (mitre; mailing-list; x_refsource_MLIST)
- security.netapp.com/advisory/ntap-20210521-0006/ (mitre; x_refsource_CONFIRM)