CVE-2021-25214

Publication date 28 April 2021

Last updated 24 July 2024

Ubuntu priority

Cvss 3 Severity Score

In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a malformed IXFR triggering the flaw described above, the named process will terminate due to a failed assertion the next time the transferred secondary zone is refreshed.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
bind9	24.10 oracular	Fixed 1:9.16.8-1ubuntu3.1
	24.04 LTS noble	Fixed 1:9.16.8-1ubuntu3.1
	23.10 mantic	Fixed 1:9.16.8-1ubuntu3.1
	23.04 lunar	Fixed 1:9.16.8-1ubuntu3.1
	22.10 kinetic	Fixed 1:9.16.8-1ubuntu3.1
	22.04 LTS jammy	Fixed 1:9.16.8-1ubuntu3.1
	21.10 impish	Fixed 1:9.16.8-1ubuntu3.1
	21.04 hirsute	Fixed 1:9.16.8-1ubuntu3.1
	20.10 groovy	Fixed 1:9.16.6-3ubuntu1.2
	20.04 LTS focal	Fixed 1:9.16.1-0ubuntu2.8
	18.04 LTS bionic	Fixed 1:9.11.3+dfsg-1ubuntu1.15
	16.04 LTS xenial	Fixed 1:9.10.3.dfsg.P4-8ubuntu1.19
	14.04 LTS trusty	Ignored end of ESM support, was needed

Notes

mdeslaur

affects 9.8.5+

Severity score breakdown

Parameter	Value
Base score	6.5 · Medium
Attack vector	Network
Attack complexity	Low
Privileges required	Low
User interaction	None
Scope	Unchanged
Confidentiality	None
Integrity impact	None
Availability impact	High
Vector	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References

Related Ubuntu Security Notices (USN)

USN-4929-1
Bind vulnerabilities
29 April 2021