CVE-2021-25218: A too-strict assertion check could be triggered when responses in BIND 9.16.19 and 9.17.16 require UDP fragmentation if RRL is in use
First published: Wed Aug 18 2021(Updated: )
In BIND 9.16.19, 9.17.16. Also, version 9.16.19-S1 of BIND Supported Preview Edition When a vulnerable version of named receives a query under the circumstances described above, the named process will terminate due to a failed assertion check. The vulnerability affects only BIND 9 releases 9.16.19, 9.17.16, and release 9.16.19-S1 of the BIND Supported Preview Edition.
Credit: security-officer@isc.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ISC BIND | =9.16.19 | |
| ISC BIND | =9.17.16 | |
| ISC BIND | =9.17.16-s1 | |
| Fedoraproject Fedora | =34 |
Remedy
Upgrade to the patched release most closely related to your current version of BIND: BIND 9.16.20 BIND 9.17.17 BIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers. BIND 9.16.20-S1
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.openwall.com/lists/oss-security/2021/08/18/3
- http://www.openwall.com/lists/oss-security/2021/08/20/2
- https://kb.isc.org/v1/docs/cve-2021-25218
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZPJCLGSR4BTGFLBLGIE5TEQP2SNJKGVL/
- https://security.netapp.com/advisory/ntap-20210909-0002/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZPJCLGSR4BTGFLBLGIE5TEQP2SNJKGVL/
Frequently Asked Questions
What is CVE-2021-25218?
CVE-2021-25218 is a vulnerability in BIND, specifically in versions 9.16.19, 9.17.16, and 9.17.16-S1, that can cause the named process to terminate due to a failed assertion check.
Which software versions are affected by CVE-2021-25218?
CVE-2021-25218 affects BIND versions 9.16.19, 9.17.16, and 9.17.16-S1.
What is the severity of CVE-2021-25218?
CVE-2021-25218 has a severity rating of 7.5 (high).
How can I fix CVE-2021-25218?
To fix CVE-2021-25218, update your BIND installation to a non-vulnerable version (e.g., upgrade to a version above 9.17.16-S1, if available).
Where can I find more information about CVE-2021-25218?
You can find more information about CVE-2021-25218 on the following sources: [1] [2] [3].
- agent/softwarecombine
- agent/type
- agent/severity
- agent/weakness
- agent/author
- agent/title
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/isc
- canonical/isc bind
- version/isc bind/9.16.19
- version/isc bind/9.17.16
- version/isc bind/9.17.16-s1
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/34