{"containers": {"cna": {"affected": [{"product": "BIND9", "vendor": "ISC", "versions": [{"status": "affected", "version": "Open Source Branches 9.0 through 9.11 9.0.0 through versions before 9.11.30"}, {"status": "affected", "version": "Open Source Branches 9.12 through 9.16 9.12.0 through versions before 9.16.14"}, {"status": "affected", "version": "Supported Preview Branches 9.9-S through 9.11-S 9.9.3-S1 through versions before 9.11.30-S1"}, {"status": "affected", "version": "Supported Preview Branch 9.16-S 9.16.8-S1 through versions before 9.16.14-S1"}, {"status": "affected", "version": "Development Branch 9.17 9.17.0 through versiosn before 9.17.12"}]}], "credits": [{"lang": "en", "value": "ISC would like to thank Siva Kakarla for bringing this vulnerability to our attention."}], "datePublic": "2021-04-28T00:00:00", "descriptions": [{"lang": "en", "value": "In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the flaw described above, the named process will terminate due to a failed assertion check. The vulnerability affects all currently maintained BIND 9 branches (9.11, 9.11-S, 9.16, 9.16-S, 9.17) as well as all other versions of BIND 9."}], "exploits": [{"lang": "en", "value": "We are not aware of any active exploits."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "DNAME records, described in RFC 6672, provide a way to redirect a subtree of the domain name tree in the DNS. A flaw in the way named processes these records may trigger an attempt to add the same RRset to the ANSWER section more than once. This causes an assertion check in BIND to fail. DNAME records are processed by both authoritative and recursive servers. For authoritative servers, the DNAME record triggering the flaw can be retrieved from a zone database. For servers performing recursion, such a record is processed in the course of a query sent to an authoritative server. Affects BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch.", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-03-08T14:08:28", "orgId": "404fd4d2-a609-4245-b543-2c944a302a22", "shortName": "isc"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://kb.isc.org/v1/docs/cve-2021-25215"}, {"name": "[oss-security] 20210428 ISC discloses three BIND vulnerabilities (CVE-2021-25214, CVE-2021-25215, and CVE-2021-25216)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2021/04/29/1"}, {"name": "[oss-security] 20210429 Re: ISC discloses three BIND vulnerabilities (CVE-2021-25214, CVE-2021-25215, and CVE-2021-25216)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2021/04/29/2"}, {"name": "[oss-security] 20210429 Re: ISC discloses three BIND vulnerabilities (CVE-2021-25214, CVE-2021-25215, and CVE-2021-25216)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2021/04/29/3"}, {"name": "[oss-security] 20210429 Re: ISC discloses three BIND vulnerabilities (CVE-2021-25214, CVE-2021-25215, and CVE-2021-25216)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2021/04/29/4"}, {"name": "DSA-4909", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2021/dsa-4909"}, {"name": "[debian-lts-announce] 20210504 [SECURITY] [DLA 2647-1] bind9 security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00001.html"}, {"name": "FEDORA-2021-ace61cbee1", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VEC2XG4Q2ODTN2C4CGXEIXU3EUTBMK7L/"}, {"name": "FEDORA-2021-47f23870ec", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZDSRPCJQ7MZC6CENH5PO3VQOFI7VSWBE/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20210521-0006/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"}], "solutions": [{"lang": "en", "value": "Upgrade to the patched release most closely related to your current version of BIND:\n\n BIND 9.11.31\n BIND 9.16.15\n BIND 9.17.12\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n BIND 9.11.31-S1\n BIND 9.16.15-S1"}], "source": {"discovery": "EXTERNAL"}, "title": "An assertion check can fail while answering queries for DNAME records that require the DNAME to be processed to resolve itself", "workarounds": [{"lang": "en", "value": "No workarounds known."}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-officer@isc.org", "DATE_PUBLIC": "2021-04-28T20:20:01.000Z", "ID": "CVE-2021-25215", "STATE": "PUBLIC", "TITLE": "An assertion check can fail while answering queries for DNAME records that require the DNAME to be processed to resolve itself"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "BIND9", "version": {"version_data": [{"version_name": "Open Source Branches 9.0 through 9.11", "version_value": "9.0.0 through versions before 9.11.30"}, {"version_name": "Open Source Branches 9.12 through 9.16", "version_value": "9.12.0 through versions before 9.16.14"}, {"version_name": "Supported Preview Branches 9.9-S through 9.11-S", "version_value": "9.9.3-S1 through versions before 9.11.30-S1"}, {"version_name": "Supported Preview Branch 9.16-S", "version_value": "9.16.8-S1 through versions before 9.16.14-S1"}, {"version_name": "Development Branch 9.17", "version_value": "9.17.0 through versiosn before 9.17.12"}]}}]}, "vendor_name": "ISC"}]}}, "credit": [{"lang": "eng", "value": "ISC would like to thank Siva Kakarla for bringing this vulnerability to our attention."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the flaw described above, the named process will terminate due to a failed assertion check. The vulnerability affects all currently maintained BIND 9 branches (9.11, 9.11-S, 9.16, 9.16-S, 9.17) as well as all other versions of BIND 9."}]}, "exploit": [{"lang": "en", "value": "We are not aware of any active exploits."}], "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "DNAME records, described in RFC 6672, provide a way to redirect a subtree of the domain name tree in the DNS. A flaw in the way named processes these records may trigger an attempt to add the same RRset to the ANSWER section more than once. This causes an assertion check in BIND to fail. DNAME records are processed by both authoritative and recursive servers. For authoritative servers, the DNAME record triggering the flaw can be retrieved from a zone database. For servers performing recursion, such a record is processed in the course of a query sent to an authoritative server. Affects BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch."}]}]}, "references": {"reference_data": [{"name": "https://kb.isc.org/v1/docs/cve-2021-25215", "refsource": "CONFIRM", "url": "https://kb.isc.org/v1/docs/cve-2021-25215"}, {"name": "[oss-security] 20210428 ISC discloses three BIND vulnerabilities (CVE-2021-25214, CVE-2021-25215, and CVE-2021-25216)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/04/29/1"}, {"name": "[oss-security] 20210429 Re: ISC discloses three BIND vulnerabilities (CVE-2021-25214, CVE-2021-25215, and CVE-2021-25216)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/04/29/2"}, {"name": "[oss-security] 20210429 Re: ISC discloses three BIND vulnerabilities (CVE-2021-25214, CVE-2021-25215, and CVE-2021-25216)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/04/29/3"}, {"name": "[oss-security] 20210429 Re: ISC discloses three BIND vulnerabilities (CVE-2021-25214, CVE-2021-25215, and CVE-2021-25216)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/04/29/4"}, {"name": "DSA-4909", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2021/dsa-4909"}, {"name": "[debian-lts-announce] 20210504 [SECURITY] [DLA 2647-1] bind9 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00001.html"}, {"name": "FEDORA-2021-ace61cbee1", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VEC2XG4Q2ODTN2C4CGXEIXU3EUTBMK7L/"}, {"name": "FEDORA-2021-47f23870ec", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZDSRPCJQ7MZC6CENH5PO3VQOFI7VSWBE/"}, {"name": "https://www.oracle.com/security-alerts/cpuoct2021.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"}, {"name": "https://security.netapp.com/advisory/ntap-20210521-0006/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210521-0006/"}, {"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"}]}, "solution": [{"lang": "en", "value": "Upgrade to the patched release most closely related to your current version of BIND:\n\n BIND 9.11.31\n BIND 9.16.15\n BIND 9.17.12\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n BIND 9.11.31-S1\n BIND 9.16.15-S1"}], "source": {"discovery": "EXTERNAL"}, "work_around": [{"lang": "en", "value": "No workarounds known."}]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T19:56:11.110Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://kb.isc.org/v1/docs/cve-2021-25215"}, {"name": "[oss-security] 20210428 ISC discloses three BIND vulnerabilities (CVE-2021-25214, CVE-2021-25215, and CVE-2021-25216)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2021/04/29/1"}, {"name": "[oss-security] 20210429 Re: ISC discloses three BIND vulnerabilities (CVE-2021-25214, CVE-2021-25215, and CVE-2021-25216)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2021/04/29/2"}, {"name": "[oss-security] 20210429 Re: ISC discloses three BIND vulnerabilities (CVE-2021-25214, CVE-2021-25215, and CVE-2021-25216)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2021/04/29/3"}, {"name": "[oss-security] 20210429 Re: ISC discloses three BIND vulnerabilities (CVE-2021-25214, CVE-2021-25215, and CVE-2021-25216)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2021/04/29/4"}, {"name": "DSA-4909", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2021/dsa-4909"}, {"name": "[debian-lts-announce] 20210504 [SECURITY] [DLA 2647-1] bind9 security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00001.html"}, {"name": "FEDORA-2021-ace61cbee1", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VEC2XG4Q2ODTN2C4CGXEIXU3EUTBMK7L/"}, {"name": "FEDORA-2021-47f23870ec", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZDSRPCJQ7MZC6CENH5PO3VQOFI7VSWBE/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20210521-0006/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"}]}]}, "cveMetadata": {"assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22", "assignerShortName": "isc", "cveId": "CVE-2021-25215", "datePublished": "2021-04-29T00:55:16.726513Z", "dateReserved": "2021-01-15T00:00:00", "dateUpdated": "2024-09-16T22:02:24.791Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*", "matchCriteriaId": "18B8AA9D-C4D1-4F3B-9440-FC29D925961D", "versionEndExcluding": "9.11.31", "versionStartIncluding": "9.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*", "matchCriteriaId": "E38EFB1A-11B5-403F-815F-4899E7007D02", "versionEndExcluding": "9.16.15", "versionStartIncluding": "9.12.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*", "matchCriteriaId": "00F9BCC7-51F7-47EE-AFCE-946F24CC3694", "versionEndExcluding": "9.17.12", "versionStartIncluding": "9.17.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.9.3:s1:*:*:supported_preview:*:*:*", "matchCriteriaId": "40EE014B-0CD8-45F3-BEDB-AE6368A78B04", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.9.12:s1:*:*:supported_preview:*:*:*", "matchCriteriaId": "DAF8FA8C-0526-4389-AEC6-92AD62AA3929", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.9.13:s1:*:*:supported_preview:*:*:*", "matchCriteriaId": "1A9BA952-A5DF-4CBA-8928-0B373C013C32", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.10.5:s1:*:*:supported_preview:*:*:*", "matchCriteriaId": "CAD41122-C5D8-4256-8CB7-FF88DCD96A13", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.10.7:s1:*:*:supported_preview:*:*:*", "matchCriteriaId": "6243685F-1E5B-4FF6-AE1B-44798032FBA6", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.11.3:s1:*:*:supported_preview:*:*:*", "matchCriteriaId": "C2FE13E1-0646-46FC-875B-CB4C34E20101", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.11.5:s3:*:*:supported_preview:*:*:*", "matchCriteriaId": "1AA16E51-819C-4A1B-B66E-1C60C1782C0D", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.11.5:s5:*:*:supported_preview:*:*:*", "matchCriteriaId": "91533F9F-C0E5-4E84-8A4C-F744F956BF97", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.11.5:s6:*:*:supported_preview:*:*:*", "matchCriteriaId": "46E6A4BD-D69B-4A70-821D-5612DD1315EF", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.11.6:s1:*:*:supported_preview:*:*:*", "matchCriteriaId": "8AF9D390-0D5B-4963-A2D3-BF1E7CD95E9D", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.11.7:s1:*:*:supported_preview:*:*:*", "matchCriteriaId": "AB2B92F1-6BA8-41CA-9000-E0633462CC28", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.11.8:s1:*:*:supported_preview:*:*:*", "matchCriteriaId": "02CA4635-7DFC-408E-A837-856E0F96CA1B", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.11.12:s1:*:*:supported_preview:*:*:*", "matchCriteriaId": "3CABCB08-B838-45F7-AA87-77C6B8767DD0", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.11.21:s1:*:*:supported_preview:*:*:*", "matchCriteriaId": "5CC1F26C-4757-4C87-BD8B-2FA456A88C6F", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.11.27:s1:*:*:supported_preview:*:*:*", "matchCriteriaId": "582A4948-B64F-45D4-807A-846A85BB6B42", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.11.29:s1:*:*:supported_preview:*:*:*", "matchCriteriaId": "F22E7F6A-0714-480D-ACDF-5027FD6697B2", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.16.8:s1:*:*:supported_preview:*:*:*", "matchCriteriaId": "288EAD80-574B-4839-9C2C-81D6D088A733", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.16.11:s1:*:*:supported_preview:*:*:*", "matchCriteriaId": "3595F024-F910-4356-8B5B-D478960FF574", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.16.13:s1:*:*:supported_preview:*:*:*", "matchCriteriaId": "94661BA2-27F8-4FFE-B844-9404F735579D", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", "matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", "matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", "matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "108A2215-50FB-4074-94CF-C130FA14566D", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*", "matchCriteriaId": "7AFC73CE-ABB9-42D3-9A71-3F5BC5381E0E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "32F0B6C0-F930-480D-962B-3F4EFDCC13C7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*", "matchCriteriaId": "803BC414-B250-4E3A-A478-A3881340D6B8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "0FEB3337-BFDE-462A-908B-176F92053CEC", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*", "matchCriteriaId": "736AEAE9-782B-4F71-9893-DED53367E102", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", "matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:a250_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "1236B66D-EB11-4324-929F-E2B86683C3C7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:a250:-:*:*:*:*:*:*:*", "matchCriteriaId": "281DFC67-46BB-4FC2-BE03-3C65C9311F65", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:500f_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "ECF32BB1-9A58-4821-AE49-5D5C8200631F", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:500f:-:*:*:*:*:*:*:*", "matchCriteriaId": "F21DE67F-CDFD-4D36-9967-633CD0240C6F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:tekelec_platform_distribution:*:*:*:*:*:*:*:*", "matchCriteriaId": "26F05F85-7458-4C8F-B93F-93C92E506A40", "versionEndIncluding": "7.7.1", "versionStartIncluding": "7.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*", "matchCriteriaId": "B0F46497-4AB0-49A7-9453-CC26837BF253", "versionEndExcluding": "1.0.1.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the flaw described above, the named process will terminate due to a failed assertion check. The vulnerability affects all currently maintained BIND 9 branches (9.11, 9.11-S, 9.16, 9.16-S, 9.17) as well as all other versions of BIND 9."}, {"lang": "es", "value": "En BIND versiones 9.0.0 posteriores a 9.11.29, versiones 9.12.0 posteriores a 9.16.13, y BIND versiones 9.9.3-S1 posteriores a 9.11.29-S1 y versiones 9.16.8-S1 posteriores a 9.16.13-S1 de BIND Supported Preview Edition, as\u00ed como versiones de lanzamiento 9.17.0 posteriores a 9.17.11 de la rama de desarrollo de BIND versi\u00f3n 9.17, cuando una versi\u00f3n vulnerable de named recibe una consulta para un registro que desencadena un fallo descrito anteriormente, el proceso named terminar\u00e1 debido a un comprobaci\u00f3n de afirmaci\u00f3n fallido. La vulnerabilidad afecta a todas las ramas de BIND 9 que se mantienen actualmente (9.11, 9.11-S, 9.16, 9.16-S, 9.17), as\u00ed como a todas las dem\u00e1s versiones de BIND 9"}], "id": "CVE-2021-25215", "lastModified": "2023-11-07T03:31:24.757", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-officer@isc.org", "type": "Secondary"}]}, "published": "2021-04-29T01:15:08.013", "references": [{"source": "security-officer@isc.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2021/04/29/1"}, {"source": "security-officer@isc.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2021/04/29/2"}, {"source": "security-officer@isc.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2021/04/29/3"}, {"source": "security-officer@isc.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2021/04/29/4"}, {"source": "security-officer@isc.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"}, {"source": "security-officer@isc.org", "tags": ["Vendor Advisory"], "url": "https://kb.isc.org/v1/docs/cve-2021-25215"}, {"source": "security-officer@isc.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00001.html"}, {"source": "security-officer@isc.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VEC2XG4Q2ODTN2C4CGXEIXU3EUTBMK7L/"}, {"source": "security-officer@isc.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZDSRPCJQ7MZC6CENH5PO3VQOFI7VSWBE/"}, {"source": "security-officer@isc.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20210521-0006/"}, {"source": "security-officer@isc.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2021/dsa-4909"}, {"source": "security-officer@isc.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"}], "sourceIdentifier": "security-officer@isc.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-617"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Siva Kakarla as the original reporter.", "affected_release": [{"advisory": "RHSA-2021:1468", "cpe": "cpe:/o:redhat:rhel_els:6", "package": "bind-32:9.8.2-0.68.rc1.el6_10.11", "product_name": "Red Hat Enterprise Linux 6 Extended Lifecycle Support", "release_date": "2021-04-29T00:00:00Z"}, {"advisory": "RHSA-2021:1469", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "bind-32:9.11.4-26.P2.el7_9.5", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2021-04-29T00:00:00Z"}, {"advisory": "RHSA-2021:1476", "cpe": "cpe:/o:redhat:rhel_aus:7.2", "package": "bind-32:9.9.4-29.el7_2.11", "product_name": "Red Hat Enterprise Linux 7.2 Advanced Update Support", "release_date": "2021-05-03T00:00:00Z"}, {"advisory": "RHSA-2021:1475", "cpe": "cpe:/o:redhat:rhel_aus:7.3", "package": "bind-32:9.9.4-50.el7_3.6", "product_name": "Red Hat Enterprise Linux 7.3 Advanced Update Support", "release_date": "2021-05-03T00:00:00Z"}, {"advisory": "RHSA-2021:1479", "cpe": "cpe:/o:redhat:rhel_aus:7.4", "package": "bind-32:9.9.4-51.el7_4.6", "product_name": "Red Hat Enterprise Linux 7.4 Advanced Update Support", "release_date": "2021-05-03T00:00:00Z"}, {"advisory": "RHSA-2021:1479", "cpe": "cpe:/o:redhat:rhel_tus:7.4", "package": "bind-32:9.9.4-51.el7_4.6", "product_name": "Red Hat Enterprise Linux 7.4 Telco Extended Update Support", "release_date": "2021-05-03T00:00:00Z"}, {"advisory": "RHSA-2021:1479", "cpe": "cpe:/o:redhat:rhel_e4s:7.4", "package": "bind-32:9.9.4-51.el7_4.6", "product_name": "Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions", "release_date": "2021-05-03T00:00:00Z"}, {"advisory": "RHSA-2021:1478", "cpe": "cpe:/o:redhat:rhel_eus:7.6", "package": "bind-32:9.9.4-74.el7_6.7", "product_name": "Red Hat Enterprise Linux 7.6 Extended Update Support", "release_date": "2021-05-03T00:00:00Z"}, {"advisory": "RHSA-2021:1477", "cpe": "cpe:/o:redhat:rhel_eus:7.7", "package": "bind-32:9.11.4-9.P2.el7_7.5", "product_name": "Red Hat Enterprise Linux 7.7 Extended Update Support", "release_date": "2021-05-03T00:00:00Z"}, {"advisory": "RHSA-2021:1989", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "bind-32:9.11.26-4.el8_4", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-05-18T00:00:00Z"}, {"advisory": "RHSA-2021:1989", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "bind-32:9.11.26-4.el8_4", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-05-18T00:00:00Z"}, {"advisory": "RHSA-2021:2028", "cpe": "cpe:/a:redhat:rhel_eus:8.1", "package": "bind-32:9.11.4-26.P2.el8_1.5", "product_name": "Red Hat Enterprise Linux 8.1 Extended Update Support", "release_date": "2021-05-19T00:00:00Z"}, {"advisory": "RHSA-2021:2024", "cpe": "cpe:/a:redhat:rhel_eus:8.2", "package": "bind-32:9.11.13-6.el8_2.3", "product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date": "2021-05-19T00:00:00Z"}], "bugzilla": {"description": "bind: An assertion check can fail while answering queries for DNAME records that require the DNAME to be processed to resolve itself", "id": "1953857", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1953857"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-617", "details": ["In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the flaw described above, the named process will terminate due to a failed assertion check. The vulnerability affects all currently maintained BIND 9 branches (9.11, 9.11-S, 9.16, 9.16-S, 9.17) as well as all other versions of BIND 9.", "A flaw was found in bind. The way DNAME records are processed may trigger the same RRset to the ANSWER section to be added more than once which causes an assertion check to fail. The highest threat from this flaw is to system availability."], "mitigation": {"lang": "en:us", "value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update as soon as possible."}, "name": "CVE-2021-25215", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Out of support scope", "package_name": "bind", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Out of support scope", "package_name": "bind97", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "bind", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2021-04-28T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-25215\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-25215\nhttps://kb.isc.org/docs/cve-2021-25215"], "threat_severity": "Important", "upstream_fix": "bind 9.11.30, bind 9.16.14, bind 9.17.12"}