PT-2021-6075 · Isc+12 · Bind+12
Published: 2021-10-27 · Updated: 2025-06-23 · CVE-2021-25219
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions
BIND versions 9.3.0 through 9.11.35
BIND versions 9.12.0 through 9.16.21
BIND Supported Preview Edition versions 9.9.3-S1 through 9.11.35-S1
BIND Supported Preview Edition versions 9.16.8-S1 through 9.16.21-S1
BIND 9.17 development branch versions 9.17.0 through 9.17.18
Description
Exploiting broken authoritative servers through a flaw in response processing can degrade BIND resolver performance. The lame cache's internal data structures can grow almost without bound, which can cause significant delays in client query processing. This is an uncontrolled resource consumption issue that may allow a remote attacker to cause a denial of service.
Recommendations
For BIND versions 9.3.0 through 9.11.35, update to a version outside of this range to resolve the issue.
For BIND versions 9.12.0 through 9.16.21, update to a version outside of this range to resolve the issue.
For BIND Supported Preview Edition versions 9.9.3-S1 through 9.11.35-S1, update to a version outside of this range to resolve the issue.
For BIND Supported Preview Edition versions 9.16.8-S1 through 9.16.21-S1, update to a version outside of this range to resolve the issue.
For BIND 9.17 development branch versions 9.17.0 through 9.17.18, update to a version outside of this range to resolve the issue.
As a temporary workaround, consider restricting the growth of the lame cache's internal data structures to prevent significant delays in client query processing.
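To triage an inventory against the ranges listed above, the following added example (not part of the original advisory or of BIND) classifies a version string such as the output of `named -v`. The function names and the sample strings are constructed for illustration, and matching a `-S` suffix by its numeric triple only is a simplifying assumption.

```python
import re

# Affected ranges copied from this advisory (inclusive on both ends).
OPEN_SOURCE_RANGES = [
    ((9, 3, 0), (9, 11, 35)),
    ((9, 12, 0), (9, 16, 21)),
    ((9, 17, 0), (9, 17, 18)),   # 9.17 development branch
]
# Supported Preview Edition builds carry an "-S<n>" suffix.
PREVIEW_EDITION_RANGES = [
    ((9, 9, 3), (9, 11, 35)),
    ((9, 16, 8), (9, 16, 21)),
]

# First dotted triple in the text, optionally followed by "-S<n>".
VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)(-S\d+)?")


def parse_bind_version(text):
    """Return ((major, minor, patch), is_preview_edition) from a version string."""
    match = VERSION_RE.search(text)
    if match is None:
        raise ValueError(f"no BIND version found in {text!r}")
    triple = tuple(int(match.group(i)) for i in (1, 2, 3))
    return triple, match.group(4) is not None


def is_affected(text):
    """True if the version falls inside a range this advisory lists."""
    triple, preview = parse_bind_version(text)
    ranges = PREVIEW_EDITION_RANGES if preview else OPEN_SOURCE_RANGES
    # Tuple comparison orders versions numerically, so 9.16.9 < 9.16.21.
    return any(low <= triple <= high for low, high in ranges)


def triage(inventory):
    """Map each host to 'affected', 'not listed' or 'unparsed'."""
    result = {}
    for host, banner in inventory.items():
        try:
            result[host] = "affected" if is_affected(banner) else "not listed"
        except ValueError:
            result[host] = "unparsed"
    return result


if __name__ == "__main__":
    # Constructed sample inventory (hostnames and banners are made up).
    sample = {
        "ns1": "BIND 9.16.21 (Extended Support Version)",
        "ns2": "BIND 9.16.22",
        "ns3": "9.11.35-S1",
        "ns4": "version hidden",
    }
    for host, status in triage(sample).items():
        print(host, status)
```

Distribution packages often keep the upstream version number while backporting fixes, so an in-range result on a vendor build should be confirmed against that vendor's own advisory.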
Resource Exhaustion
Affected Products
ALT Linux
AlmaLinux
Astra Linux
BIND
BIND Server
CentOS
IBM AIX
Linux Mint
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu