Vulnerability in Isc Bind9
CVE-2021-25219
In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation…
EPSS: 0.010 (77.8th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L.
Affected products
- Isc Bind9 — versions Open Source Branches 9.3 through 9.11 9.3.0 through versions before 9.11.36, Open Source Branches 9.12 through 9.16 9.12.0 through versions before 9.16.22, Supported Preview Branches 9.9-S through 9.11-S 9.9.3-S1 through versions before 9.11.36-S1
Public proof-of-concept exploits
References
- kb.isc.org/v1/docs/cve-2021-25219
- DSA-4994 (vendor-advisory)
- [debian-lts-announce] 20211102 [SECURITY] [DLA 2807-1] bind9 security update (mailing-list)
- FEDORA-2021-58e7b873b7 (vendor-advisory)
- FEDORA-2021-39b33260b8 (vendor-advisory)
- FEDORA-2021-eb8dab50ba (vendor-advisory)
- www.oracle.com/security-alerts/cpuapr2022.html
- cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
- security.netapp.com/advisory/ntap-20211118-0002/
- GLSA-202210-25 (vendor-advisory)
Frequently asked questions
- What is CVE-2021-25219?
- CVE-2021-25219 is a medium-severity vulnerability in Isc Bind9. CVSS score: 5.3/10. Published 2021-10-27.
- How severe is CVE-2021-25219?
- Medium severity. CVSS v3 base score is 5.3 out of 10.
- Is CVE-2021-25219 known to be exploited?
- 18 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.