CVE-2021-25220

NameCVE-2021-25220
DescriptionBIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL. The cache could become poisoned with incorrect records leading to queries being made to the wrong servers, which might also result in false information being returned to clients.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-2955-1, DSA-5105-1, ELA-599-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
bind9 (PTS)jessie, jessie (lts)1:9.9.5.dfsg-9+deb8u31fixed
stretch (security)1:9.10.3.dfsg.P4-12.3+deb9u12fixed
stretch (lts), stretch1:9.10.3.dfsg.P4-12.3+deb9u16fixed
buster, buster (lts)1:9.11.5.P4+dfsg-5.1+deb10u13fixed
buster (security)1:9.11.5.P4+dfsg-5.1+deb10u11fixed
bullseye1:9.16.50-1~deb11u2fixed
bullseye (security)1:9.16.50-1~deb11u1fixed
bookworm (security), bookworm1:9.18.28-1~deb12u2fixed
sid, trixie1:9.20.2-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
bind9sourcejessie1:9.9.5.dfsg-9+deb8u27ELA-599-1
bind9sourcestretch1:9.10.3.dfsg.P4-12.3+deb9u11DLA-2955-1
bind9sourcebuster1:9.11.5.P4+dfsg-5.1+deb10u7DSA-5105-1
bind9sourcebullseye1:9.16.27-1~deb11u1DSA-5105-1
bind9source(unstable)1:9.18.1-1

Notes

https://kb.isc.org/docs/cve-2021-25220
Fixed by https://gitlab.isc.org/isc-projects/bind9/-/commit/fc9cb6cf91c1a36b797ffef0a277dbb3989d43dc

Search for package or bug name: Reporting problems