PT-2021-3136 · Isc+10 · Bind+10

Greg Kuechle · Published 2021-04-28 · Updated 2026-01-29 · CVE-2021-25214

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

BIND versions 9.8.5 through 9.8.8
BIND versions 9.9.3 through 9.11.29
BIND versions 9.12.0 through 9.16.13
BIND 9 Supported Preview Edition versions 9.9.3-S1 through 9.11.29-S1
BIND 9 Supported Preview Edition versions 9.16.8-S1 through 9.16.13-S1
BIND 9.17 development branch versions 9.17.0 through 9.17.11

Description

The issue is related to insufficient use of the assert() function in the BIND server, which can be exploited by a remote attacker to cause a denial of service using a specially crafted request. When a vulnerable version of named receives a malformed IXFR, the named process will terminate due to a failed assertion the next time the transferred secondary zone is refreshed.

Recommendations

For BIND versions 9.8.5 through 9.8.8, update to a version outside of this range to resolve the issue.
For BIND versions 9.9.3 through 9.11.29, update to a version outside of this range to resolve the issue.
For BIND versions 9.12.0 through 9.16.13, update to a version outside of this range to resolve the issue.
For BIND 9 Supported Preview Edition versions 9.9.3-S1 through 9.11.29-S1, update to a version outside of this range to resolve the issue.
For BIND 9 Supported Preview Edition versions 9.16.8-S1 through 9.16.13-S1, update to a version outside of this range to resolve the issue.
For BIND 9.17 development branch versions 9.17.0 through 9.17.11, update to a version outside of this range to resolve the issue.

As a temporary workaround, consider restricting the use of the named process to minimize the risk of exploitation.
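
The following check is an added example, not part of the original advisory or of ISC's tooling: it compares a BIND version string (for instance the output of `named -v`) against the affected ranges listed above. The function names and sample strings are assumptions made for illustration; distribution packages often backport fixes without changing the base version, so a match on a packaged build should be confirmed against the vendor advisory listed under Related Identifiers.

```python
import re

# Affected ranges exactly as listed in this advisory (inclusive bounds).
STANDARD_RANGES = [
    ((9, 8, 5), (9, 8, 8)),
    ((9, 9, 3), (9, 11, 29)),
    ((9, 12, 0), (9, 16, 13)),
    ((9, 17, 0), (9, 17, 11)),   # 9.17 development branch
]
# Supported Preview Edition ("-S" releases) ranges from the advisory.
PREVIEW_RANGES = [
    ((9, 9, 3), (9, 11, 29)),
    ((9, 16, 8), (9, 16, 13)),
]

# x.y.z followed by optional "-suffix" parts such as -S1 or -P2.
VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)((?:-[A-Za-z0-9]+)*)")


def parse_bind_version(text):
    """Return ((major, minor, patch), is_preview) for the first version in text."""
    match = VERSION_RE.search(text)
    if match is None:
        raise ValueError(f"no BIND version found in {text!r}")
    release = tuple(int(part) for part in match.group(1, 2, 3))
    # Assumption: an "-S<n>" suffix marks a Supported Preview Edition build;
    # other suffixes (e.g. "-P2") are ignored and the base x.y.z is compared.
    is_preview = re.search(r"-S\d+", match.group(4)) is not None
    return release, is_preview


def is_affected(text):
    """True if the version falls inside a range listed for CVE-2021-25214."""
    release, is_preview = parse_bind_version(text)
    ranges = PREVIEW_RANGES if is_preview else STANDARD_RANGES
    return any(low <= release <= high for low, high in ranges)


if __name__ == "__main__":
    # Constructed sample strings, not captured from real servers.
    samples = ["BIND 9.16.13 (Stable Release)", "9.11.29-S1", "9.16.7-S1", "9.17.12"]
    for sample in samples:
        print(f"{sample:32} affected={is_affected(sample)}")
```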

Fix

Assertion Failure

Weakness Enumeration

Related Identifiers

ALSA-2021:4384
ALT-PU-2021-1752
ALT-PU-2021-1786
ALT-PU-2021-1836
BDU:2021-02777
CESA-2021_3325
CESA-2021_4384
CVE-2021-25214
DLA-2647-1
DSA-4909-1
MGASA-2021-0220
MGASA-2021-0275
OESA-2021-1206
OESA-2022-1993
OPENSUSE-SU-2021:0668-1
OPENSUSE-SU-2021:1826-1
OPENSUSE-SU-2021_0668-1
OPENSUSE-SU-2021_1826-1
OPENSUSE-SU-2024:10650-1
RHSA-2021:3325
RHSA-2021:4384
RHSA-2021_3325
RHSA-2021_4384
RLSA-2021:4384
SUSE-SU-2021:1468-1
SUSE-SU-2021:1469-1
SUSE-SU-2021:1471-1
SUSE-SU-2021:14714-1
SUSE-SU-2021:1826-1
SUSE-SU-2021_1468-1
SUSE-SU-2021_1469-1
SUSE-SU-2021_1471-1
SUSE-SU-2021_14714-1
SUSE-SU-2021_1826-1
USN-4929-1
USN-7739-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Bind
Bind Server
Centos
Linuxmint
Red Hat
Rocky Linux
Suse
Ubuntu