[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

250770

 
 

909

 
 

196157

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2021-25214Date: (C)2021-04-29   (M)2024-02-06


In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a malformed IXFR triggering the flaw described above, the named process will terminate due to a failed assertion the next time the transferred secondary zone is refreshed.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 6.5CVSS Score : 4.0
Exploit Score: 2.8Exploit Score: 8.0
Impact Score: 3.6Impact Score: 2.9
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: NETWORKAccess Vector: NETWORK
Attack Complexity: LOWAccess Complexity: LOW
Privileges Required: LOWAuthentication: SINGLE
User Interaction: NONEConfidentiality: NONE
Scope: UNCHANGEDIntegrity: NONE
Confidentiality: NONEAvailability: PARTIAL
Integrity: NONE 
Availability: HIGH 
  
Reference:
DSA-4909
FEDORA-2021-47f23870ec
FEDORA-2021-ace61cbee1
https://lists.debian.org/debian-lts-announce/2021/05/msg00001.html
http://www.openwall.com/lists/oss-security/2021/04/29/1
http://www.openwall.com/lists/oss-security/2021/04/29/4
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://kb.isc.org/v1/docs/cve-2021-25214
https://security.netapp.com/advisory/ntap-20210521-0006/

CPE    8
cpe:/o:debian:debian_linux:9.0
cpe:/a:isc:bind:9.16.13:s1:~~supported_preview~~~
cpe:/a:isc:bind:9.11.29:s1:~~supported_preview~~~
cpe:/a:isc:bind:9.11.8:s1:~~supported_preview~~~
...
CWE    1
CWE-617
OVAL    25
oval:org.secpod.oval:def:506333
oval:org.secpod.oval:def:89044295
oval:org.secpod.oval:def:89044293
oval:org.secpod.oval:def:89044284
...

© SecPod Technologies