Home > Vulnerability Database > CVE-2021-25219

Mend Vulnerability Database

CVE-2021-25219

Good to know:

Date: October 27, 2021

In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a flaw in response processing can cause degradation in BIND resolver performance. The way the lame cache is currently designed makes it possible for its internal data structures to grow almost infinitely, which may cause significant delays in client query processing.

Language: C

Severity Score

5.3

Related Resources (5)

Url: https://www.debian.org/security/2021/dsa-4994

Url: https://security.netapp.com/advisory/ntap-20211118-0002/

Url: https://security-tracker.debian.org/tracker/CVE-2021-25219

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-25219

Url: https://www.mend.io/vulnerability-database/CVE-2021-25219

Severity Score

5.3

Weakness Type (CWE)

Insufficient Information

NVD-CWE-noinfo

Top Fix

Upgrade Version

Upgrade to version bind9 - 9.11.36, 9.16.22, 9.17.19

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	LOW

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	PARTIAL
Additional information:

Mend Vulnerability Database

We found results for “”

CVE-2021-25219

Good to know:

Date: October 27, 2021

Language: C

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?