Sign-up

ID

VAR-202203-0664


CVE

CVE-2021-25220


TITLE

BIND  Cache Pollution with Incorrect Records Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-001797

DESCRIPTION

BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL. The cache could become poisoned with incorrect records leading to queries being made to the wrong servers, which might also result in false information being returned to clients. Bogus NS records supplied by the forwarders may be cached and used by name if it needs to recurse for any reason. This issue causes it to obtain and pass on potentially incorrect answers. (CVE-2021-25220) By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service. (CVE-2022-2795) By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources. (CVE-2022-38177) By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources. (CVE-2022-38178). 9) - aarch64, noarch, ppc64le, s390x, x86_64 3. Description: The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. The following advisory data is extracted from: https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_2720.json Red Hat officially shut down their mailing list notifications October 10, 2023. Due to this, Packet Storm has recreated the below data as a reference point to raise awareness. It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: bind security update Advisory ID: RHSA-2022:7790-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:7790 Issue date: 2022-11-08 CVE Names: CVE-2021-25220 ==================================================================== 1. Summary: An update for bind is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64 3. Description: The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es): * bind: DNS forwarders - cache poisoning vulnerability (CVE-2021-25220) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the update, the BIND daemon (named) will be restarted automatically. 5. Bugs fixed (https://bugzilla.redhat.com/): 2064512 - CVE-2021-25220 bind: DNS forwarders - cache poisoning vulnerability 6. Package List: Red Hat Enterprise Linux AppStream (v. 8): aarch64: bind-9.11.36-5.el8.aarch64.rpm bind-chroot-9.11.36-5.el8.aarch64.rpm bind-debuginfo-9.11.36-5.el8.aarch64.rpm bind-debugsource-9.11.36-5.el8.aarch64.rpm bind-devel-9.11.36-5.el8.aarch64.rpm bind-export-libs-debuginfo-9.11.36-5.el8.aarch64.rpm bind-libs-9.11.36-5.el8.aarch64.rpm bind-libs-debuginfo-9.11.36-5.el8.aarch64.rpm bind-libs-lite-9.11.36-5.el8.aarch64.rpm bind-libs-lite-debuginfo-9.11.36-5.el8.aarch64.rpm bind-lite-devel-9.11.36-5.el8.aarch64.rpm bind-pkcs11-9.11.36-5.el8.aarch64.rpm bind-pkcs11-debuginfo-9.11.36-5.el8.aarch64.rpm bind-pkcs11-devel-9.11.36-5.el8.aarch64.rpm bind-pkcs11-libs-9.11.36-5.el8.aarch64.rpm bind-pkcs11-libs-debuginfo-9.11.36-5.el8.aarch64.rpm bind-pkcs11-utils-9.11.36-5.el8.aarch64.rpm bind-pkcs11-utils-debuginfo-9.11.36-5.el8.aarch64.rpm bind-sdb-9.11.36-5.el8.aarch64.rpm bind-sdb-chroot-9.11.36-5.el8.aarch64.rpm bind-sdb-debuginfo-9.11.36-5.el8.aarch64.rpm bind-utils-9.11.36-5.el8.aarch64.rpm bind-utils-debuginfo-9.11.36-5.el8.aarch64.rpm noarch: bind-license-9.11.36-5.el8.noarch.rpm python3-bind-9.11.36-5.el8.noarch.rpm ppc64le: bind-9.11.36-5.el8.ppc64le.rpm bind-chroot-9.11.36-5.el8.ppc64le.rpm bind-debuginfo-9.11.36-5.el8.ppc64le.rpm bind-debugsource-9.11.36-5.el8.ppc64le.rpm bind-devel-9.11.36-5.el8.ppc64le.rpm bind-export-libs-debuginfo-9.11.36-5.el8.ppc64le.rpm bind-libs-9.11.36-5.el8.ppc64le.rpm bind-libs-debuginfo-9.11.36-5.el8.ppc64le.rpm bind-libs-lite-9.11.36-5.el8.ppc64le.rpm bind-libs-lite-debuginfo-9.11.36-5.el8.ppc64le.rpm bind-lite-devel-9.11.36-5.el8.ppc64le.rpm bind-pkcs11-9.11.36-5.el8.ppc64le.rpm bind-pkcs11-debuginfo-9.11.36-5.el8.ppc64le.rpm bind-pkcs11-devel-9.11.36-5.el8.ppc64le.rpm bind-pkcs11-libs-9.11.36-5.el8.ppc64le.rpm bind-pkcs11-libs-debuginfo-9.11.36-5.el8.ppc64le.rpm bind-pkcs11-utils-9.11.36-5.el8.ppc64le.rpm bind-pkcs11-utils-debuginfo-9.11.36-5.el8.ppc64le.rpm bind-sdb-9.11.36-5.el8.ppc64le.rpm bind-sdb-chroot-9.11.36-5.el8.ppc64le.rpm bind-sdb-debuginfo-9.11.36-5.el8.ppc64le.rpm bind-utils-9.11.36-5.el8.ppc64le.rpm bind-utils-debuginfo-9.11.36-5.el8.ppc64le.rpm s390x: bind-9.11.36-5.el8.s390x.rpm bind-chroot-9.11.36-5.el8.s390x.rpm bind-debuginfo-9.11.36-5.el8.s390x.rpm bind-debugsource-9.11.36-5.el8.s390x.rpm bind-devel-9.11.36-5.el8.s390x.rpm bind-export-libs-debuginfo-9.11.36-5.el8.s390x.rpm bind-libs-9.11.36-5.el8.s390x.rpm bind-libs-debuginfo-9.11.36-5.el8.s390x.rpm bind-libs-lite-9.11.36-5.el8.s390x.rpm bind-libs-lite-debuginfo-9.11.36-5.el8.s390x.rpm bind-lite-devel-9.11.36-5.el8.s390x.rpm bind-pkcs11-9.11.36-5.el8.s390x.rpm bind-pkcs11-debuginfo-9.11.36-5.el8.s390x.rpm bind-pkcs11-devel-9.11.36-5.el8.s390x.rpm bind-pkcs11-libs-9.11.36-5.el8.s390x.rpm bind-pkcs11-libs-debuginfo-9.11.36-5.el8.s390x.rpm bind-pkcs11-utils-9.11.36-5.el8.s390x.rpm bind-pkcs11-utils-debuginfo-9.11.36-5.el8.s390x.rpm bind-sdb-9.11.36-5.el8.s390x.rpm bind-sdb-chroot-9.11.36-5.el8.s390x.rpm bind-sdb-debuginfo-9.11.36-5.el8.s390x.rpm bind-utils-9.11.36-5.el8.s390x.rpm bind-utils-debuginfo-9.11.36-5.el8.s390x.rpm x86_64: bind-9.11.36-5.el8.x86_64.rpm bind-chroot-9.11.36-5.el8.x86_64.rpm bind-debuginfo-9.11.36-5.el8.i686.rpm bind-debuginfo-9.11.36-5.el8.x86_64.rpm bind-debugsource-9.11.36-5.el8.i686.rpm bind-debugsource-9.11.36-5.el8.x86_64.rpm bind-devel-9.11.36-5.el8.i686.rpm bind-devel-9.11.36-5.el8.x86_64.rpm bind-export-libs-debuginfo-9.11.36-5.el8.i686.rpm bind-export-libs-debuginfo-9.11.36-5.el8.x86_64.rpm bind-libs-9.11.36-5.el8.i686.rpm bind-libs-9.11.36-5.el8.x86_64.rpm bind-libs-debuginfo-9.11.36-5.el8.i686.rpm bind-libs-debuginfo-9.11.36-5.el8.x86_64.rpm bind-libs-lite-9.11.36-5.el8.i686.rpm bind-libs-lite-9.11.36-5.el8.x86_64.rpm bind-libs-lite-debuginfo-9.11.36-5.el8.i686.rpm bind-libs-lite-debuginfo-9.11.36-5.el8.x86_64.rpm bind-lite-devel-9.11.36-5.el8.i686.rpm bind-lite-devel-9.11.36-5.el8.x86_64.rpm bind-pkcs11-9.11.36-5.el8.x86_64.rpm bind-pkcs11-debuginfo-9.11.36-5.el8.i686.rpm bind-pkcs11-debuginfo-9.11.36-5.el8.x86_64.rpm bind-pkcs11-devel-9.11.36-5.el8.i686.rpm bind-pkcs11-devel-9.11.36-5.el8.x86_64.rpm bind-pkcs11-libs-9.11.36-5.el8.i686.rpm bind-pkcs11-libs-9.11.36-5.el8.x86_64.rpm bind-pkcs11-libs-debuginfo-9.11.36-5.el8.i686.rpm bind-pkcs11-libs-debuginfo-9.11.36-5.el8.x86_64.rpm bind-pkcs11-utils-9.11.36-5.el8.x86_64.rpm bind-pkcs11-utils-debuginfo-9.11.36-5.el8.i686.rpm bind-pkcs11-utils-debuginfo-9.11.36-5.el8.x86_64.rpm bind-sdb-9.11.36-5.el8.x86_64.rpm bind-sdb-chroot-9.11.36-5.el8.x86_64.rpm bind-sdb-debuginfo-9.11.36-5.el8.i686.rpm bind-sdb-debuginfo-9.11.36-5.el8.x86_64.rpm bind-utils-9.11.36-5.el8.x86_64.rpm bind-utils-debuginfo-9.11.36-5.el8.i686.rpm bind-utils-debuginfo-9.11.36-5.el8.x86_64.rpm Red Hat Enterprise Linux BaseOS (v. 8): Source: bind-9.11.36-5.el8.src.rpm aarch64: bind-debuginfo-9.11.36-5.el8.aarch64.rpm bind-debugsource-9.11.36-5.el8.aarch64.rpm bind-export-devel-9.11.36-5.el8.aarch64.rpm bind-export-libs-9.11.36-5.el8.aarch64.rpm bind-export-libs-debuginfo-9.11.36-5.el8.aarch64.rpm bind-libs-debuginfo-9.11.36-5.el8.aarch64.rpm bind-libs-lite-debuginfo-9.11.36-5.el8.aarch64.rpm bind-pkcs11-debuginfo-9.11.36-5.el8.aarch64.rpm bind-pkcs11-libs-debuginfo-9.11.36-5.el8.aarch64.rpm bind-pkcs11-utils-debuginfo-9.11.36-5.el8.aarch64.rpm bind-sdb-debuginfo-9.11.36-5.el8.aarch64.rpm bind-utils-debuginfo-9.11.36-5.el8.aarch64.rpm ppc64le: bind-debuginfo-9.11.36-5.el8.ppc64le.rpm bind-debugsource-9.11.36-5.el8.ppc64le.rpm bind-export-devel-9.11.36-5.el8.ppc64le.rpm bind-export-libs-9.11.36-5.el8.ppc64le.rpm bind-export-libs-debuginfo-9.11.36-5.el8.ppc64le.rpm bind-libs-debuginfo-9.11.36-5.el8.ppc64le.rpm bind-libs-lite-debuginfo-9.11.36-5.el8.ppc64le.rpm bind-pkcs11-debuginfo-9.11.36-5.el8.ppc64le.rpm bind-pkcs11-libs-debuginfo-9.11.36-5.el8.ppc64le.rpm bind-pkcs11-utils-debuginfo-9.11.36-5.el8.ppc64le.rpm bind-sdb-debuginfo-9.11.36-5.el8.ppc64le.rpm bind-utils-debuginfo-9.11.36-5.el8.ppc64le.rpm s390x: bind-debuginfo-9.11.36-5.el8.s390x.rpm bind-debugsource-9.11.36-5.el8.s390x.rpm bind-export-devel-9.11.36-5.el8.s390x.rpm bind-export-libs-9.11.36-5.el8.s390x.rpm bind-export-libs-debuginfo-9.11.36-5.el8.s390x.rpm bind-libs-debuginfo-9.11.36-5.el8.s390x.rpm bind-libs-lite-debuginfo-9.11.36-5.el8.s390x.rpm bind-pkcs11-debuginfo-9.11.36-5.el8.s390x.rpm bind-pkcs11-libs-debuginfo-9.11.36-5.el8.s390x.rpm bind-pkcs11-utils-debuginfo-9.11.36-5.el8.s390x.rpm bind-sdb-debuginfo-9.11.36-5.el8.s390x.rpm bind-utils-debuginfo-9.11.36-5.el8.s390x.rpm x86_64: bind-debuginfo-9.11.36-5.el8.i686.rpm bind-debuginfo-9.11.36-5.el8.x86_64.rpm bind-debugsource-9.11.36-5.el8.i686.rpm bind-debugsource-9.11.36-5.el8.x86_64.rpm bind-export-devel-9.11.36-5.el8.i686.rpm bind-export-devel-9.11.36-5.el8.x86_64.rpm bind-export-libs-9.11.36-5.el8.i686.rpm bind-export-libs-9.11.36-5.el8.x86_64.rpm bind-export-libs-debuginfo-9.11.36-5.el8.i686.rpm bind-export-libs-debuginfo-9.11.36-5.el8.x86_64.rpm bind-libs-debuginfo-9.11.36-5.el8.i686.rpm bind-libs-debuginfo-9.11.36-5.el8.x86_64.rpm bind-libs-lite-debuginfo-9.11.36-5.el8.i686.rpm bind-libs-lite-debuginfo-9.11.36-5.el8.x86_64.rpm bind-pkcs11-debuginfo-9.11.36-5.el8.i686.rpm bind-pkcs11-debuginfo-9.11.36-5.el8.x86_64.rpm bind-pkcs11-libs-debuginfo-9.11.36-5.el8.i686.rpm bind-pkcs11-libs-debuginfo-9.11.36-5.el8.x86_64.rpm bind-pkcs11-utils-debuginfo-9.11.36-5.el8.i686.rpm bind-pkcs11-utils-debuginfo-9.11.36-5.el8.x86_64.rpm bind-sdb-debuginfo-9.11.36-5.el8.i686.rpm bind-sdb-debuginfo-9.11.36-5.el8.x86_64.rpm bind-utils-debuginfo-9.11.36-5.el8.i686.rpm bind-utils-debuginfo-9.11.36-5.el8.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-25220 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBY2pSOtzjgjWX9erEAQi/EBAAgHatJ8eJZYQ0LPJd4BK7VXTq7kwthxFX FX+21/U0RPPLX/7OBAh3MosX8Pwl29OIo8ZDWYzbNH9hb8S3j88fJyVQOq0Q9aIN 438xBROPR83MuHO4wvaaQsy0d+ydOZuOr81rIZYEOon3+2SgFHUn5mq0zAmNvToR cmUclst9QWw2nDGgD4nOdm3wBeKCulKgeLuJCjONE4fTclWMJKjVzw9SCxAo6V3q ye27kg5M/hnFmToMHIUWi4gTtUVfxAaX/kqNni3G/BS7H0ZMneMUVtSEm8FI0iiO QAH+UbczrvDkqHIBjsdi4QaYlkVhzmG1qjG8J8O2mngokyEF2lrKs+nA+YlkTUmY 8pvptphUv3nPAml9koCVuNJRUsFWVuGdwxbir8BBW/YyyuaWaeIPL7KFmTEzwDsE kbe/OY7yVVCLQX7prOj2hTETYVJIHJ2AXlLr0wYIl72W0S1zidv8Wu0DM0fDdl/J dNaUhnChyauNi78VaVdV4AqL2QDZ/FjJomd7+IuqNqPM0888FKsUC4+lTTZxv3/r seb6iSRXQX/7uJOjosvKiHz1u+nI5Wj7uqCB6BOOfABraGz1AmepDPPK94f/kl/u VSLOjVpseILrw4oLrxNoxfWZqXMU+M6LCob+cZ2ZI1hA7XTzIPbJkYnMDV5n8hTa 9rY/JxXD3Bs=HeAe -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202210-25 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Low Title: ISC BIND: Multiple Vulnerabilities Date: October 31, 2022 Bugs: #820563, #835439, #872206 ID: 202210-25 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been discovered in ISC BIND, the worst of which could result in denial of service. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-dns/bind < 9.16.33 >= 9.16.33 2 net-dns/bind-tools < 9.16.33 >= 9.16.33 Description =========== Multiple vulnerabilities have been discovered in ISC BIND. Please review the CVE identifiers referenced below for details. Impact ====== Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All ISC BIND users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-dns/bind-9.16.33" All ISC BIND-tools users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-dns/bind-tools-9.16.33" References ========== [ 1 ] CVE-2021-25219 https://nvd.nist.gov/vuln/detail/CVE-2021-25219 [ 2 ] CVE-2021-25220 https://nvd.nist.gov/vuln/detail/CVE-2021-25220 [ 3 ] CVE-2022-0396 https://nvd.nist.gov/vuln/detail/CVE-2022-0396 [ 4 ] CVE-2022-2795 https://nvd.nist.gov/vuln/detail/CVE-2022-2795 [ 5 ] CVE-2022-2881 https://nvd.nist.gov/vuln/detail/CVE-2022-2881 [ 6 ] CVE-2022-2906 https://nvd.nist.gov/vuln/detail/CVE-2022-2906 [ 7 ] CVE-2022-3080 https://nvd.nist.gov/vuln/detail/CVE-2022-3080 [ 8 ] CVE-2022-38177 https://nvd.nist.gov/vuln/detail/CVE-2022-38177 [ 9 ] CVE-2022-38178 https://nvd.nist.gov/vuln/detail/CVE-2022-38178 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202210-25 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . ========================================================================== Ubuntu Security Notice USN-5332-1 March 17, 2022 bind9 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 21.10 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: Several security issues were fixed in Bind. Software Description: - bind9: Internet Domain Name Server Details: Xiang Li, Baojun Liu, Chaoyi Lu, and Changgen Zou discovered that Bind incorrectly handled certain bogus NS records when using forwarders. A remote attacker could possibly use this issue to manipulate cache results. (CVE-2021-25220) It was discovered that Bind incorrectly handled certain crafted TCP streams. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service. This issue only affected Ubuntu 21.10. (CVE-2022-0396) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 21.10: bind9 1:9.16.15-1ubuntu1.2 Ubuntu 20.04 LTS: bind9 1:9.16.1-0ubuntu2.10 Ubuntu 18.04 LTS: bind9 1:9.11.3+dfsg-1ubuntu1.17 In general, a standard system update will make all the necessary changes

Trust: 2.43

sources: NVD: CVE-2021-25220 // JVNDB: JVNDB-2022-001797 // VULMON: CVE-2021-25220 // PACKETSTORM: 169894 // PACKETSTORM: 169846 // PACKETSTORM: 178475 // PACKETSTORM: 169745 // PACKETSTORM: 169773 // PACKETSTORM: 169587 // PACKETSTORM: 166356 // PACKETSTORM: 166354

AFFECTED PRODUCTS

vendor:netappmodel:h700escope:eqversion: -

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:34

Trust: 1.0

vendor:iscmodel:bindscope:gteversion:9.11.0

Trust: 1.0

vendor:netappmodel:h410cscope:eqversion: -

Trust: 1.0

vendor:netappmodel:h500escope:eqversion: -

Trust: 1.0

vendor:iscmodel:bindscope:gteversion:9.12.0

Trust: 1.0

vendor:siemensmodel:sinec insscope:eqversion:1.0

Trust: 1.0

vendor:iscmodel:bindscope:gteversion:9.16.8

Trust: 1.0

vendor:netappmodel:h300sscope:eqversion: -

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:19.4

Trust: 1.0

vendor:netappmodel:h410sscope:eqversion: -

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:20.4

Trust: 1.0

vendor:netappmodel:h500sscope:eqversion: -

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:21.2

Trust: 1.0

vendor:netappmodel:h700sscope:eqversion: -

Trust: 1.0

vendor:iscmodel:bindscope:gteversion:9.17.0

Trust: 1.0

vendor:junipermodel:junosscope:ltversion:19.3

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:22.1

Trust: 1.0

vendor:iscmodel:bindscope:lteversion:9.18.0

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:19.3

Trust: 1.0

vendor:siemensmodel:sinec insscope:ltversion:1.0

Trust: 1.0

vendor:netappmodel:h300escope:eqversion: -

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:22.2

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:21.3

Trust: 1.0

vendor:iscmodel:bindscope:ltversion:9.11.37

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:20.3

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:20.2

Trust: 1.0

vendor:iscmodel:bindscope:gteversion:9.11.4

Trust: 1.0

vendor:iscmodel:bindscope:ltversion:9.16.27

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:35

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:21.4

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:36

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:21.1

Trust: 1.0

vendor:fedoramodel:fedorascope: - version: -

Trust: 0.8

vendor:iscmodel:bindscope: - version: -

Trust: 0.8

vendor:日本電気model:esmpro/serveragentscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-001797 // NVD: CVE-2021-25220

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-25220
value: MEDIUM

Trust: 1.0

security-officer@isc.org: CVE-2021-25220
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-25220
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202203-1514
value: MEDIUM

Trust: 0.6

VULMON: CVE-2021-25220
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-25220
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

nvd@nist.gov: CVE-2021-25220
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 4.0
version: 3.1

Trust: 2.0

OTHER: JVNDB-2022-001797
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2021-25220 // CNNVD: CNNVD-202203-1514 // JVNDB: JVNDB-2022-001797 // NVD: CVE-2021-25220 // NVD: CVE-2021-25220

PROBLEMTYPE DATA

problemtype:CWE-444

Trust: 1.0

problemtype:HTTP Request Smuggling (CWE-444) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-001797 // NVD: CVE-2021-25220

THREAT TYPE

remote

Trust: 0.8

sources: PACKETSTORM: 166356 // PACKETSTORM: 166354 // CNNVD: CNNVD-202203-1514

TYPE

environmental issue

Trust: 0.6

sources: CNNVD: CNNVD-202203-1514

PATCH

title:NV22-009url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/API7U5E7SX7BAAVFNW366FFJGD6NZZKV/

Trust: 0.8

title:Ubuntu Security Notice: USN-5332-2: Bind vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-5332-2

Trust: 0.1

title:Red Hat: Moderate: dhcp security and enhancement updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20228385 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: bind security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20227790 - Security Advisory

Trust: 0.1

title:Ubuntu Security Notice: USN-5332-1: Bind vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-5332-1

Trust: 0.1

title:Red Hat: Moderate: bind security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20228068 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: bind security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20230402 - Security Advisory

Trust: 0.1

title:Debian Security Advisories: DSA-5105-1 bind9 -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=16d84b908a424f50b3236db9219500e3

Trust: 0.1

title:Arch Linux Issues: url:https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2021-25220

Trust: 0.1

title:Amazon Linux 2: ALAS2-2023-2001url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2023-2001

Trust: 0.1

title:Amazon Linux 2022: ALAS2022-2022-166url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022&qid=ALAS2022-2022-166

Trust: 0.1

title:Amazon Linux 2022: ALAS2022-2022-138url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022&qid=ALAS2022-2022-138

Trust: 0.1

title: - url:https://github.com/Live-Hack-CVE/CVE-2021-25220

Trust: 0.1

title: - url:https://github.com/vincent-deng/veracode-container-security-finding-parser

Trust: 0.1

sources: VULMON: CVE-2021-25220 // JVNDB: JVNDB-2022-001797

EXTERNAL IDS

db:NVDid:CVE-2021-25220

Trust: 4.1

db:SIEMENSid:SSA-637483

Trust: 1.7

db:ICS CERTid:ICSA-22-258-05

Trust: 1.5

db:JVNid:JVNVU99475301

Trust: 0.8

db:JVNid:JVNVU98927070

Trust: 0.8

db:JVNid:JVNVU92488108

Trust: 0.8

db:ICS CERTid:ICSA-25-105-08

Trust: 0.8

db:JVNDBid:JVNDB-2022-001797

Trust: 0.8

db:PACKETSTORMid:169894

Trust: 0.7

db:PACKETSTORMid:169846

Trust: 0.7

db:PACKETSTORMid:169773

Trust: 0.7

db:PACKETSTORMid:169587

Trust: 0.7

db:PACKETSTORMid:166356

Trust: 0.7

db:AUSCERTid:ESB-2022.1150

Trust: 0.6

db:AUSCERTid:ESB-2022.5750

Trust: 0.6

db:AUSCERTid:ESB-2022.4616

Trust: 0.6

db:AUSCERTid:ESB-2022.1223

Trust: 0.6

db:AUSCERTid:ESB-2022.1289

Trust: 0.6

db:AUSCERTid:ESB-2022.2694

Trust: 0.6

db:AUSCERTid:ESB-2022.1183

Trust: 0.6

db:AUSCERTid:ESB-2022.1160

Trust: 0.6

db:CS-HELPid:SB2022032124

Trust: 0.6

db:CS-HELPid:SB2022031701

Trust: 0.6

db:CS-HELPid:SB2022031728

Trust: 0.6

db:PACKETSTORMid:170724

Trust: 0.6

db:CNNVDid:CNNVD-202203-1514

Trust: 0.6

db:VULMONid:CVE-2021-25220

Trust: 0.1

db:PACKETSTORMid:178475

Trust: 0.1

db:PACKETSTORMid:169745

Trust: 0.1

db:PACKETSTORMid:166354

Trust: 0.1

sources: VULMON: CVE-2021-25220 // PACKETSTORM: 169894 // PACKETSTORM: 169846 // PACKETSTORM: 178475 // PACKETSTORM: 169745 // PACKETSTORM: 169773 // PACKETSTORM: 169587 // PACKETSTORM: 166356 // PACKETSTORM: 166354 // CNNVD: CNNVD-202203-1514 // JVNDB: JVNDB-2022-001797 // NVD: CVE-2021-25220

REFERENCES

url:https://kb.isc.org/v1/docs/cve-2021-25220

Trust: 1.8

url:https://security.gentoo.org/glsa/202210-25

Trust: 1.8

url:https://security.netapp.com/advisory/ntap-20220408-0001/

Trust: 1.7

url:https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-25220

Trust: 1.6

url:https://supportportal.juniper.net/s/article/2022-10-security-bulletin-junos-os-srx-series-cache-poisoning-vulnerability-in-bind-used-by-dns-proxy-cve-2021-25220?language=en_us

Trust: 1.6

url:https://access.redhat.com/security/cve/cve-2021-25220

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2sxt7247qtknbq67mnrgzd23adxu6e5u/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5vx3i2u3icoiei5y7oya6cholfmnh3yq/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/api7u5e7sx7baavfnw366ffjgd6nzzkv/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/de3uavcpumakg27zl5yxsp2c3riow3jz/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/nyd7us4hzrfugaj66zthfbyvp5n3oqby/

Trust: 1.0

url:https://www.cisa.gov/uscert/ics/advisories/icsa-22-258-05

Trust: 0.9

url:http://jvn.jp/vu/jvnvu98927070/index.html

Trust: 0.8

url:https://jvn.jp/vu/jvnvu99475301/

Trust: 0.8

url:https://jvn.jp/vu/jvnvu92488108/index.html

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-08

Trust: 0.8

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/nyd7us4hzrfugaj66zthfbyvp5n3oqby/

Trust: 0.7

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/api7u5e7sx7baavfnw366ffjgd6nzzkv/

Trust: 0.7

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5vx3i2u3icoiei5y7oya6cholfmnh3yq/

Trust: 0.7

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2sxt7247qtknbq67mnrgzd23adxu6e5u/

Trust: 0.7

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/de3uavcpumakg27zl5yxsp2c3riow3jz/

Trust: 0.7

url:https://packetstormsecurity.com/files/169846/red-hat-security-advisory-2022-8385-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.1223

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.1289

Trust: 0.6

url:https://vigilance.fr/vulnerability/isc-bind-spoofing-via-dns-forwarders-cache-poisoning-37754

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.4616

Trust: 0.6

url:https://packetstormsecurity.com/files/169894/red-hat-security-advisory-2022-8068-01.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022031728

Trust: 0.6

url:https://packetstormsecurity.com/files/166356/ubuntu-security-notice-usn-5332-2.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.1150

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.1183

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.1160

Trust: 0.6

url:https://packetstormsecurity.com/files/169773/red-hat-security-advisory-2022-7643-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/170724/red-hat-security-advisory-2023-0402-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/169587/gentoo-linux-security-advisory-202210-25.html

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2021-25220/

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-22-258-05

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.5750

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022031701

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.2694

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022032124

Trust: 0.6

url:https://access.redhat.com/articles/11258

Trust: 0.5

url:https://bugzilla.redhat.com/):

Trust: 0.4

url:https://access.redhat.com/security/team/key/

Trust: 0.4

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2022-0396

Trust: 0.4

url:https://access.redhat.com/security/team/contact/

Trust: 0.4

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.3

url:https://ubuntu.com/security/notices/usn-5332-2

Trust: 0.2

url:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.1_release_notes/index

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-0396

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.2

url:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index

Trust: 0.2

url:https://ubuntu.com/security/notices/usn-5332-1

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/444.html

Trust: 0.1

url:https://github.com/live-hack-cve/cve-2021-25220

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://alas.aws.amazon.com/al2/alas-2023-2001.html

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:8068

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:8385

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2024:2720

Trust: 0.1

url:https://bugzilla.redhat.com/show_bug.cgi?id=2128584

Trust: 0.1

url:https://bugzilla.redhat.com/show_bug.cgi?id=2263896

Trust: 0.1

url:https://bugzilla.redhat.com/show_bug.cgi?id=2263917

Trust: 0.1

url:https://bugzilla.redhat.com/show_bug.cgi?id=2064512

Trust: 0.1

url:https://bugzilla.redhat.com/show_bug.cgi?id=2164032

Trust: 0.1

url:https://bugzilla.redhat.com/show_bug.cgi?id=2263914

Trust: 0.1

url:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_2720.json

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:7790

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:7643

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-38178

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2906

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2881

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2795

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-25219

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-3080

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-38177

Trust: 0.1

url:https://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/bind9/1:9.16.1-0ubuntu2.10

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/bind9/1:9.16.15-1ubuntu1.2

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/bind9/1:9.11.3+dfsg-1ubuntu1.17

Trust: 0.1

sources: VULMON: CVE-2021-25220 // PACKETSTORM: 169894 // PACKETSTORM: 169846 // PACKETSTORM: 178475 // PACKETSTORM: 169745 // PACKETSTORM: 169773 // PACKETSTORM: 169587 // PACKETSTORM: 166356 // PACKETSTORM: 166354 // CNNVD: CNNVD-202203-1514 // JVNDB: JVNDB-2022-001797 // NVD: CVE-2021-25220

CREDITS

Siemens reported these vulnerabilities to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-202203-1514

SOURCES

db:VULMONid:CVE-2021-25220
db:PACKETSTORMid:169894
db:PACKETSTORMid:169846
db:PACKETSTORMid:178475
db:PACKETSTORMid:169745
db:PACKETSTORMid:169773
db:PACKETSTORMid:169587
db:PACKETSTORMid:166356
db:PACKETSTORMid:166354
db:CNNVDid:CNNVD-202203-1514
db:JVNDBid:JVNDB-2022-001797
db:NVDid:CVE-2021-25220

LAST UPDATE DATE

2025-12-22T22:20:05.920000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2021-25220date:2022-11-28T00:00:00
db:CNNVDid:CNNVD-202203-1514date:2023-07-24T00:00:00
db:JVNDBid:JVNDB-2022-001797date:2025-04-17T07:53:00
db:NVDid:CVE-2021-25220date:2023-11-09T14:44:33.733

SOURCES RELEASE DATE

db:VULMONid:CVE-2021-25220date:2022-03-23T00:00:00
db:PACKETSTORMid:169894date:2022-11-16T16:09:16
db:PACKETSTORMid:169846date:2022-11-15T16:40:52
db:PACKETSTORMid:178475date:2024-05-09T15:16:06
db:PACKETSTORMid:169745date:2022-11-08T13:44:36
db:PACKETSTORMid:169773date:2022-11-08T13:49:24
db:PACKETSTORMid:169587date:2022-10-31T14:50:53
db:PACKETSTORMid:166356date:2022-03-17T15:54:34
db:PACKETSTORMid:166354date:2022-03-17T15:54:20
db:CNNVDid:CNNVD-202203-1514date:2022-03-09T00:00:00
db:JVNDBid:JVNDB-2022-001797date:2022-05-12T00:00:00
db:NVDid:CVE-2021-25220date:2022-03-23T13:15:07.680