CVE-2021-25214

Summary

CVE	CVE-2021-25214
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2021-04-29 01:15:00 UTC
Updated	2023-11-07 03:31:00 UTC
Description	In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a malformed IXFR triggering the flaw described above, the named process will terminate due to a failed assertion the next time the transferred secondary zone is refreshed.

Risk And Classification

Problem Types: CWE-617

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Debian	Debian Linux	10.0	All	All	All
Operating System	Debian	Debian Linux	9.0	All	All	All
Operating System	Fedoraproject	Fedora	33	All	All	All
Operating System	Fedoraproject	Fedora	34	All	All	All
Application	Isc	Bind	All	All	All	All
Application	Isc	Bind	9.10.5	s1	All	All
Application	Isc	Bind	9.10.7	s1	All	All
Application	Isc	Bind	9.11.12	s1	All	All
Application	Isc	Bind	9.11.21	s1	All	All
Application	Isc	Bind	9.11.27	s1	All	All
Application	Isc	Bind	9.11.29	s1	All	All
Application	Isc	Bind	9.11.3	s1	All	All
Application	Isc	Bind	9.11.5	s3	All	All
Application	Isc	Bind	9.11.5	s5	All	All
Application	Isc	Bind	9.11.5	s6	All	All
Application	Isc	Bind	9.11.6	s1	All	All
Application	Isc	Bind	9.11.7	s1	All	All
Application	Isc	Bind	9.11.8	s1	All	All
Application	Isc	Bind	9.16.11	s1	All	All
Application	Isc	Bind	9.16.13	s1	All	All
Application	Isc	Bind	9.16.8	s1	All	All
Application	Isc	Bind	9.9.12	s1	All	All
Application	Isc	Bind	9.9.13	s1	All	All
Application	Isc	Bind	9.9.3	s1	All	All
Application	Isc	Bind	All	All	All	All
Application	Netapp	Active Iq Unified Manager	-	All	All	All
Hardware	Netapp	Aff 500f	-	All	All	All
Operating System	Netapp	Aff 500f Firmware	-	All	All	All
Hardware	Netapp	Aff A250	-	All	All	All
Operating System	Netapp	Aff A250 Firmware	-	All	All	All
Application	Netapp	Cloud Backup	-	All	All	All
Hardware	Netapp	H300e	-	All	All	All
Operating System	Netapp	H300e Firmware	-	All	All	All
Hardware	Netapp	H300s	-	All	All	All
Operating System	Netapp	H300s Firmware	-	All	All	All
Hardware	Netapp	H410s	-	All	All	All
Operating System	Netapp	H410s Firmware	-	All	All	All
Hardware	Netapp	H500e	-	All	All	All
Operating System	Netapp	H500e Firmware	-	All	All	All
Hardware	Netapp	H500s	-	All	All	All
Operating System	Netapp	H500s Firmware	-	All	All	All
Hardware	Netapp	H700e	-	All	All	All
Operating System	Netapp	H700e Firmware	-	All	All	All
Hardware	Netapp	H700s	-	All	All	All
Operating System	Netapp	H700s Firmware	-	All	All	All
Application	Siemens	Sinec Infrastructure Network Services	All	All	All	All

References

Reference	Source	Link	Tags
CVE-2021-25214: A broken inbound incremental zone update (IXFR) can cause named to terminate unexpectedly - Security Advisories	CONFIRM	kb.isc.org
April 2021 ISC BIND Vulnerabilities in NetApp Products \| NetApp Product Security	CONFIRM	security.netapp.com
oss-security - Re: ISC discloses three BIND vulnerabilities (CVE-2021-25214, CVE-2021-25215, and CVE-2021-25216)	MLIST	www.openwall.com
[SECURITY] Fedora 34 Update: bind-dyndb-ldap-11.7-3.fc34 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
[SECURITY] Fedora 33 Update: bind-9.11.31-1.fc33 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
[SECURITY] Fedora 34 Update: bind-dyndb-ldap-11.7-3.fc34 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf	CONFIRM	cert-portal.siemens.com
Debian -- Security Information -- DSA-4909-1 bind9	DEBIAN	www.debian.org
oss-security - ISC discloses three BIND vulnerabilities (CVE-2021-25214, CVE-2021-25215, and CVE-2021-25216)	MLIST	www.openwall.com
[SECURITY] [DLA 2647-1] bind9 security update	MLIST	lists.debian.org
[SECURITY] Fedora 33 Update: bind-9.11.31-1.fc33 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
oss-security - Re: ISC discloses three BIND vulnerabilities (CVE-2021-25214, CVE-2021-25215, and CVE-2021-25216)	MLIST	www.openwall.com
oss-security - Re: ISC discloses three BIND vulnerabilities (CVE-2021-25214, CVE-2021-25215, and CVE-2021-25216)	MLIST	www.openwall.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

Vendor Comments And Credit

Discovery Credit

LEGACY: ISC would like to thank Greg Kuechle of SaskTel for bringing this vulnerability to our attention.

Legacy QID Mappings

15125 ISC BIND Broken Inbound Incremental Zone Update Vulnerability
159374 Oracle Enterprise Linux Security Update for bind (ELSA-2021-3325)
159501 Oracle Enterprise Linux Security Update for bind (ELSA-2021-4384)
174977 SUSE Enterprise Linux Security Update for bind (SUSE-SU-2021:1469-1)
174978 SUSE Enterprise Linux Security Update for bind (SUSE-SU-2021:1471-1)
174979 SUSE Enterprise Linux Security Update for bind (SUSE-SU-2021:1468-1)
178573 Debian Security Update for bind9 (DSA 4909-1)
178593 Debian Security Update for bind9 (DSA 4909-1)
178594 Debian Security Update for bind9 (DLA 2647-1)
180493 Debian Security Update for bind9 (CVE-2021-25214)
198348 Ubuntu Security Notification for Bind vulnerabilities (USN-4929-1)
239604 Red Hat Update for bind (RHSA-2021:3325)
239801 Red Hat Update for bind (RHSA-2021:4384)
257112 CentOS Security Update for bind (CESA-2021:3325)
281228 Fedora Security Update for bind (FEDORA-2021-47f23870ec)
281229 Fedora Security Update for bind (FEDORA-2021-ace61cbee1)
296068 Oracle Solaris 11.4 Support Repository Update (SRU) 34.94.4 Missing (CPUAPR2021)
352404 Amazon Linux Security Advisory for bind: ALAS2-2021-1651
375591 F5 BIG-IP BIND Vulnerability (K11426315)
377496 Alibaba Cloud Linux Security Update for bind (ALINUX2-SA-2021:0053)
500060 Alpine Linux Security Update for bind
503740 Alpine Linux Security Update for bind
670424 EulerOS Security Update for bind (EulerOS-SA-2021-1975)
670478 EulerOS Security Update for bind (EulerOS-SA-2021-2236)
670504 EulerOS Security Update for bind (EulerOS-SA-2021-2262)
670562 EulerOS Security Update for bind (EulerOS-SA-2021-2320)
670596 EulerOS Security Update for bind (EulerOS-SA-2021-2354)
671133 EulerOS Security Update for bind (EulerOS-SA-2021-2572)
672424 EulerOS Security Update for dhcp (EulerOS-SA-2022-2842)
672461 EulerOS Security Update for dhcp (EulerOS-SA-2022-2817)
672477 EulerOS Security Update for dhcp (EulerOS-SA-2023-1032)
672510 EulerOS Security Update for dhcp (EulerOS-SA-2023-1007)
730272 McAfee Web Gateway Multiple Vulnerabilities (WP-3806,WP-4203,WP-3710,WP-4073,WP-3663,WP-4158,WP-4164,WP-3247)
750091 SUSE Enterprise Linux Security Update for bind (SUSE-SU-2021:1826-1)
750231 OpenSUSE Security Update for bind (openSUSE-SU-2021:0668-1)
750804 OpenSUSE Security Update for bind (openSUSE-SU-2021:1826-1)
900029 CBL-Mariner Linux Security Update for bind 9.16.3
903518 Common Base Linux Mariner (CBL-Mariner) Security Update for bind (4176)
940108 AlmaLinux Security Update for bind (ALSA-2021:4384)
960838 Rocky Linux Security Update for bind (RLSA-2021:4384)