CVE-2021-25220

Description

BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL. The cache could become poisoned with incorrect records leading to queries being made to the wrong servers, which might also result in false information being returned to clients.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

None

Integrity

High

Availability

None

Affected products

ISC / BINDOpen Source Branch 9.11 9.11.0 through versions before 9.11.37 – Open Source Branch 9.11 9.11.0 through versions before 9.11.37
ISC / BINDDevelopment Branch 9.17 BIND 9.17 all version – Development Branch 9.17 BIND 9.17 all version
ISC / BINDOpen Source Branch 9.12-16 9.12.0 through versions before 9.16.27 – Open Source Branch 9.12-16 9.12.0 through versions before 9.16.27
ISC / BINDOpen Source Branch 9.18 9.18.0 – Open Source Branch 9.18 9.18.0
ISC / BINDSupported Preview Branch 9.11-S 9.11.0-S through versions before 9.11.37-S – Supported Preview Branch 9.11-S 9.11.0-S through versions before 9.11.37-S
ISC / BINDSupported Preview Branch 9.16-S 9.16.0-S through versions before 9.16.27-S – Supported Preview Branch 9.16-S 9.16.0-S through versions before 9.16.27-S

Description

CVSS breakdown

Affected products

References