Vulnerability Name:

CVE-2021-25219 (CCN-212375)

Assigned: 2021-10-27
Published: 2021-10-27
Updated: 2022-12-08
Summary: In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a flaw in response processing can cause degradation in BIND resolver performance. The way the lame cache is currently designed makes it possible for its internal data structures to grow almost infinitely, which may cause significant delays in client query processing.
CVSS v3 Severity: 5.3 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
4.6 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Low
5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Low
5.3 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
4.6 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Low
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
Vulnerability Type: CWE-20
Vulnerability Consequences: Denial of Service
References: Source: MITRE
Type: CNA
CVE-2021-25219

Source: security-officer@isc.org
Type: Patch, Third Party Advisory
security-officer@isc.org

Source: XF
Type: UNKNOWN
isc-bind-cve202125219-dos(212375)

Source: CCN
Type: ISC Web site
CVE-2021-25219: Lame cache can be abused to severely degrade resolver performance

Source: security-officer@isc.org
Type: Vendor Advisory
security-officer@isc.org

Source: security-officer@isc.org
Type: Mailing List, Third Party Advisory
security-officer@isc.org

Source: security-officer@isc.org
Type: Mailing List, Third Party Advisory
security-officer@isc.org

Source: security-officer@isc.org
Type: Mailing List, Third Party Advisory
security-officer@isc.org

Source: security-officer@isc.org
Type: Mailing List, Third Party Advisory
security-officer@isc.org

Source: security-officer@isc.org
Type: Third Party Advisory
security-officer@isc.org

Source: security-officer@isc.org
Type: Third Party Advisory
security-officer@isc.org

Source: security-officer@isc.org
Type: Third Party Advisory
security-officer@isc.org

Source: CCN
Type: IBM Security Bulletin 6536716 (i)
BIND for IBM i is affected by CVE-2021-25219

Source: CCN
Type: IBM Security Bulletin 6560382 (AIX)
Vulnerability in BIND affects AIX (CVE-2021-25219)

Source: CCN
Type: IBM Security Bulletin 6575505 (Watson Speech Services Cartridge for Cloud Pak for Data)
A vulnerability in ISC BIND affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data (CVE-2021-25219)

Source: CCN
Type: IBM Security Bulletin 6840313 (Power HMC)
Vulnerability in Bind (CVE-2021-25219) affects Power HMC

Source: CCN
Type: IBM Security Bulletin 6856409 (Cloud Pak for Security)
IBM Cloud Pak for Security includes components with multiple known vulnerabilities

Source: security-officer@isc.org
Type: Third Party Advisory
security-officer@isc.org

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2021-25219

Vulnerable Configuration:

Configuration RedHat 1:
  • cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 2:
  • cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:8::baseos:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:isc:bind:9.11.0:*:*:*:*:*:*:*
  • OR cpe:/a:isc:bind:9.16.9:*:*:*:*:*:*:*
  • OR cpe:/a:isc:bind:9.17.16:*:*:*:-:*:*:*
  • AND
  • cpe:/o:ibm:aix:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:i:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:i:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:i:7.3:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:aix:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:i:7.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:vios:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:hardware_management_console:9.2.950.0:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:aix:7.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_security:1.10.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_security:1.10.6.0:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions

Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:8005 | P | dpkg-1.19.0.4-150000.4.4.1 on GA media (Moderate) | 2023-06-20
oval:org.opensuse.security:def:7449 | P | bind-devel-9.16.6-150300.22.27.1 on GA media (Moderate) | 2023-06-12
oval:org.opensuse.security:def:7450 | P | bind-utils-9.16.38-150400.5.20.2 on GA media (Moderate) | 2023-06-12
oval:org.opensuse.security:def:685 | P | Security update for bind (Important) | 2022-08-09
oval:org.opensuse.security:def:3530 | P | jakarta-taglibs-standard-1.1.1-255.2 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:3469 | P | davfs2-1.5.2-2.3 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:95099 | P | bind-9.16.20-150400.3.6 on GA media (Moderate) | 2022-06-22
oval:org.opensuse.security:def:94506 | P | bind-devel-9.16.6-150300.22.16.1 on GA media (Moderate) | 2022-06-22
oval:org.opensuse.security:def:94642 | P | libidn-devel-1.34-3.2.2 on GA media (Moderate) | 2022-06-22
oval:org.opensuse.security:def:2876 | P | bind-devel-9.16.6-150300.22.16.1 on GA media (Moderate) | 2022-06-22
oval:org.opensuse.security:def:94507 | P | bind-utils-9.16.20-150400.3.6 on GA media (Moderate) | 2022-06-22
oval:org.opensuse.security:def:2877 | P | bind-utils-9.16.20-150400.3.6 on GA media (Moderate) | 2022-06-22
oval:com.redhat.rhsa:def:20222092 | P | RHSA-2022:2092: bind security, bug fix, and enhancement update (Moderate) | 2022-05-10
oval:org.opensuse.security:def:102158 | P | Security update for the Linux Kernel (Important) | 2022-03-09
oval:org.opensuse.security:def:877 | P | Security update for bind (Moderate) | 2022-01-21
oval:org.opensuse.security:def:99737 | P | (Moderate) | 2022-01-21
oval:org.opensuse.security:def:101605 | P | Security update for bind (Moderate) | 2022-01-21
oval:org.opensuse.security:def:1663 | P | Security update for bind (Moderate) | 2022-01-21
oval:org.opensuse.security:def:100066 | P | (Moderate) | 2022-01-21
oval:org.opensuse.security:def:102238 | P | Security update for bind (Moderate) | 2022-01-21
oval:org.opensuse.security:def:99201 | P | (Moderate) | 2022-01-21
oval:org.opensuse.security:def:100404 | P | (Moderate) | 2022-01-21
oval:org.opensuse.security:def:99475 | P | (Moderate) | 2022-01-21
oval:org.opensuse.security:def:100738 | P | (Moderate) | 2022-01-21
oval:org.opensuse.security:def:112005 | P | bind-9.16.20-3.1 on GA media (Moderate) | 2022-01-17
oval:org.opensuse.security:def:111141 | P | Security update for bind (Important) | 2021-11-24
oval:org.opensuse.security:def:66986 | P | Security update for bind (Important) | 2021-11-23
oval:org.opensuse.security:def:73741 | P | Security update for bind (Important) | 2021-11-23
oval:org.opensuse.security:def:96086 | P | Security update for bind (Important) | 2021-11-23
oval:org.opensuse.security:def:108824 | P | Security update for bind (Important) | 2021-11-23
oval:org.opensuse.security:def:102776 | P | Security update for bind (Important) | 2021-11-23
oval:org.opensuse.security:def:69094 | P | Security update for bind (Important) | 2021-11-23
oval:org.opensuse.security:def:76054 | P | Security update for bind (Important) | 2021-11-23
oval:org.opensuse.security:def:111796 | P | Security update for bind (Important) | 2021-11-23
oval:org.opensuse.security:def:5897 | P | Security update for bind (Important) | 2021-11-23
oval:org.opensuse.security:def:109442 | P | Security update for bind (Important) | 2021-11-23
oval:org.opensuse.security:def:117535 | P | Security update for bind (Important) | 2021-11-23
oval:org.opensuse.security:def:101355 | P | Security update for bind (Important) | 2021-11-23
oval:org.opensuse.security:def:64619 | P | Security update for bind (Important) | 2021-11-23
oval:org.opensuse.security:def:95445 | P | Security update for bind (Important) | 2021-11-23
oval:org.opensuse.security:def:118538 | P | Security update for bind (Important) | 2021-11-23
oval:org.opensuse.security:def:108021 | P | Security update for bind (Important) | 2021-11-23
oval:org.opensuse.security:def:5150 | P | Security update for bind (Important) | 2021-11-11
oval:org.opensuse.security:def:26163 | P | Security update for bind (Important) | 2021-11-11
oval:org.opensuse.security:def:60412 | P | Security update for bind (Important) | 2021-11-11
oval:org.opensuse.security:def:34589 | P | Security update for bind (Important) | 2021-11-11
oval:org.opensuse.security:def:40043 | P | Security update for bind (Important) | 2021-11-09
oval:org.opensuse.security:def:43174 | P | Security update for bind (Important) | 2021-11-09
oval:org.opensuse.security:def:38744 | P | Security update for bind (Important) | 2021-11-09
oval:org.opensuse.security:def:44473 | P | Security update for bind (Important) | 2021-11-09
oval:org.opensuse.security:def:58861 | P | Security update for bind (Important) | 2021-11-08
oval:org.opensuse.security:def:87502 | P | Security update for bind (Important) | 2021-11-08
oval:org.opensuse.security:def:33038 | P | Security update for bind (Important) | 2021-11-08

    isc bind 9.11.0
    isc bind 9.16.9
    isc bind 9.17.16
    ibm aix 7.1
    ibm i 7.1
    ibm i 7.2
    ibm i 7.3
    ibm aix 7.2
    ibm i 7.4
    ibm vios 3.1
    ibm hardware management console 9.2.950.0
    ibm aix 7.3
    ibm cloud pak for security 1.10.0.0
    ibm cloud pak for security 1.10.6.0