PT-2021-3137 · Isc+10 · Bind+10
Published 2021-04-28 · Updated 2026-01-19
CVE-2021-25215
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
BIND versions 9.0.0 through 9.11.29
BIND versions 9.12.0 through 9.16.13
BIND versions 9.9.3-S1 through 9.11.29-S1
BIND versions 9.16.8-S1 through 9.16.13-S1
BIND versions 9.17.0 through 9.17.11
Description
The issue is an assertion failure in the named process when it receives a query for a record, which can cause the process to terminate. A remote attacker can trigger it, leading to a denial of service. The vulnerability affects all currently maintained BIND 9 branches. It is also related to the use of GSS-TSIG features, which can render a server vulnerable if they are explicitly configured. The estimated number of potentially affected devices is not specified.
Recommendations
For every affected branch (BIND 9.0.0 through 9.11.29, 9.12.0 through 9.16.13, 9.9.3-S1 through 9.11.29-S1, 9.16.8-S1 through 9.16.13-S1, and 9.17.0 through 9.17.11), update to a version that is not affected by this issue.
As a temporary workaround, consider disabling the use of GSS-TSIG features to minimize the risk of exploitation.
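An added screening check, written for this entry and not taken from it or from ISC: it tests a version string (a bare version or the banner printed by `named -v`) against the affected ranges listed above, and scans named.conf text for the tkey-gssapi-keytab and tkey-gssapi-credential options that enable GSS-TSIG, which the workaround says to disable. The banner format handling is an assumption and the sample configuration is constructed.

```python
import re
from typing import List, Optional, Tuple

# Affected ranges as listed in this advisory (inclusive). "-S1" entries are the
# Supported Preview Edition; plain and -S1 versions are compared separately.
AFFECTED_RANGES = [("9.0.0", "9.11.29"), ("9.12.0", "9.16.13"),
                   ("9.9.3-S1", "9.11.29-S1"), ("9.16.8-S1", "9.16.13-S1"),
                   ("9.17.0", "9.17.11")]
# Finds the version in a bare string or a "named -v" banner such as
# "BIND 9.16.13-Ubuntu (Stable Release)"; only an "-S<n>" suffix is kept.
_VER_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:-(S\d+))?")

def parse_version(text: str) -> Optional[Tuple[Tuple[int, int, int], bool]]:
    """Return ((major, minor, patch), is_preview_edition), or None if absent."""
    m = _VER_RE.search(text)
    if not m:
        return None
    return tuple(int(x) for x in m.group(1, 2, 3)), m.group(4) is not None

def is_affected(version_text: str) -> bool:
    """True if the version lies in an advisory range. Distro builds often
    backport fixes without bumping this number, so a hit is a screen only."""
    parsed = parse_version(version_text)
    if parsed is None:
        return False
    nums, preview = parsed
    for lo, hi in AFFECTED_RANGES:
        lo_nums, lo_preview = parse_version(lo)
        hi_nums, _ = parse_version(hi)
        if lo_preview == preview and lo_nums <= nums <= hi_nums:
            return True
    return False

# BIND options that enable GSS-TSIG; the advisory's workaround is to remove them.
GSS_TSIG_OPTIONS = ("tkey-gssapi-keytab", "tkey-gssapi-credential")

def gss_tsig_directives(named_conf: str) -> List[str]:
    """Return GSS-TSIG directives found outside //, # and /* */ comments."""
    conf = re.sub(r"/\*.*?\*/", "", named_conf, flags=re.S)
    found = []
    for line in conf.splitlines():
        code = re.split(r"//|#", line, maxsplit=1)[0]
        found += [o for o in GSS_TSIG_OPTIONS if re.search(rf"\b{o}\b", code)]
    return found

# Constructed sample config: one keytab line is commented out, one is live.
SAMPLE_NAMED_CONF = """options {
    // tkey-gssapi-keytab "/etc/bind/named.keytab";
    tkey-gssapi-keytab "/etc/bind/named.keytab";
};"""
```

A version hit on a distribution package should be confirmed against the vendor's changelog, since distributions ship backported fixes under the old version number.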
Fix
DoS
Assertion Failure
Affected Products
Alt Linux
Astra Linux
BIND
BIND Server
CentOS
IBM AIX
Linux Mint
Red Hat
Rocky Linux
SUSE
Ubuntu