Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2021-25219

Опубликовано: 27 окт. 2021
Источник: redhat
CVSS3: 5.3
EPSS Низкий

Описание

In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a flaw in response processing can cause degradation in BIND resolver performance. The way the lame cache is currently designed makes it possible for its internal data structures to grow almost infinitely, which may cause significant delays in client query processing.

A flaw was found in the way bind processes broken responses from authoritative servers. This caching mechanism could be abused by an attacker to significantly degrade resolver performance.

Меры по смягчению последствий

The vulnerability has been mitigated by changing the default value of lame-ttl to 0

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6bindOut of support scope
Red Hat Enterprise Linux 7bindOut of support scope
Red Hat Enterprise Linux 9bindNot affected
Red Hat Enterprise Linux 8bindFixedRHSA-2022:209210.05.2022
Red Hat Enterprise Linux 8bindFixedRHSA-2022:209210.05.2022

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-20
https://bugzilla.redhat.com/show_bug.cgi?id=2017636bind: Lame cache can be abused to severely degrade resolver performance

EPSS

Процентиль: 66%
0.00518
Низкий

5.3 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2021-25219

CVSS3: 5.3
ubuntu
почти 4 года назад

In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a flaw in response processing can cause degradation in BIND resolver performance. The way the lame cache is currently designed makes it possible for its internal data structures to grow almost infinitely, which may cause significant delays in client query processing.

nvd логотип

CVE-2021-25219

CVSS3: 5.3
nvd
почти 4 года назад

In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a flaw in response processing can cause degradation in BIND resolver performance. The way the lame cache is currently designed makes it possible for its internal data structures to grow almost infinitely, which may cause significant delays in client query processing.

msrc логотип

CVE-2021-25219

CVSS3: 5.3
msrc
больше 3 лет назад

Описание отсутствует

debian логотип

CVE-2021-25219

CVSS3: 5.3
debian
почти 4 года назад

In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> ...

suse-cvrf логотип

openSUSE-SU-2022:0151-1

suse-cvrf
больше 3 лет назад

Security update for bind

EPSS

Процентиль: 66%
0.00518
Низкий

5.3 Medium

CVSS3