CVE-2021-25220

NameCVE-2021-25220
DescriptionBIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL. The cache could become poisoned with incorrect records leading to queries being made to the wrong servers, which might also result in false information being returned to clients.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-2955-1, DSA-5105-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
bind9 (PTS)buster1:9.11.5.P4+dfsg-5.1+deb10u7fixed
buster (security)1:9.11.5.P4+dfsg-5.1+deb10u10fixed
bullseye1:9.16.44-1~deb11u1fixed
bullseye (security)1:9.16.48-1fixed
bookworm1:9.18.19-1~deb12u1fixed
bookworm (security)1:9.18.24-1fixed
sid, trixie1:9.19.21-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
bind9sourcestretch1:9.10.3.dfsg.P4-12.3+deb9u11DLA-2955-1
bind9sourcebuster1:9.11.5.P4+dfsg-5.1+deb10u7DSA-5105-1
bind9sourcebullseye1:9.16.27-1~deb11u1DSA-5105-1
bind9source(unstable)1:9.18.1-1

Notes

https://kb.isc.org/docs/cve-2021-25220
Fixed by https://gitlab.isc.org/isc-projects/bind9/-/commit/fc9cb6cf91c1a36b797ffef0a277dbb3989d43dc
Search for package or bug name: Reporting problems