csaf_suse - suse-su-2022:2713-1

Vulnerability from csaf_suse

Published

2022-08-09 10:38

Modified

2022-08-09 10:38

Summary

Security update for bind

Notes

Title of the patch

Security update for bind

Description of the patch

This update for bind fixes the following issues: - CVE-2021-25219: Fixed flaw that allowed abusing lame cache to severely degrade resolver performance (bsc#1192146). - CVE-2021-25220: Fixed potentially incorrect answers by cached forwarders (bsc#1197135). - CVE-2022-0396: Fixed a incorrect handling of TCP connection slots time frame leading to deny of service (bsc#1197136). The following non-security bugs were fixed: - Update to release 9.16.31 (jsc#SLE-24600). - Logrotation broken since dropping chroot (bsc#1200685). - A non-existent initialization script (eg a leftorver 'createNamedConfInclude' in /etc/sysconfig/named) may cause named not to start. A warning message is printed in named.prep and the fact is ignored. Also, the return value of a failed script was not handled properly causing a failed script to not prevent named to start. This is now fixed properly. [bsc#1199044, vendor-files.tar.bz2]

Patchnames

SUSE-2022-2713,SUSE-SLE-Module-Basesystem-15-SP4-2022-2713,SUSE-SLE-Module-Server-Applications-15-SP4-2022-2713,openSUSE-SLE-15.4-2022-2713

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
   document: {
      aggregate_severity: {
         namespace: "https://www.suse.com/support/security/rating/",
         text: "important",
      },
      category: "csaf_security_advisory",
      csaf_version: "2.0",
      distribution: {
         text: "Copyright 2024 SUSE LLC. All rights reserved.",
         tlp: {
            label: "WHITE",
            url: "https://www.first.org/tlp/",
         },
      },
      lang: "en",
      notes: [
         {
            category: "summary",
            text: "Security update for bind",
            title: "Title of the patch",
         },
         {
            category: "description",
            text: "This update for bind fixes the following issues:\n\n- CVE-2021-25219: Fixed flaw that allowed abusing lame cache to severely degrade resolver performance (bsc#1192146).\n- CVE-2021-25220: Fixed potentially incorrect answers by cached forwarders (bsc#1197135).\n- CVE-2022-0396: Fixed a incorrect handling of TCP connection slots time frame  leading to deny of service (bsc#1197136).\n\nThe following non-security bugs were fixed:\n\n- Update to release 9.16.31 (jsc#SLE-24600). \n- Logrotation broken since dropping chroot (bsc#1200685).\n- A non-existent initialization script (eg a leftorver\n  'createNamedConfInclude' in /etc/sysconfig/named) may cause named\n  not to start. A warning message is printed in named.prep and\n  the fact is ignored.\n  Also, the return value of a failed script was not handled properly\n  causing a failed script to not prevent named to start. This\n  is now fixed properly.\n  [bsc#1199044, vendor-files.tar.bz2]\n",
            title: "Description of the patch",
         },
         {
            category: "details",
            text: "SUSE-2022-2713,SUSE-SLE-Module-Basesystem-15-SP4-2022-2713,SUSE-SLE-Module-Server-Applications-15-SP4-2022-2713,openSUSE-SLE-15.4-2022-2713",
            title: "Patchnames",
         },
         {
            category: "legal_disclaimer",
            text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
            title: "Terms of use",
         },
      ],
      publisher: {
         category: "vendor",
         contact_details: "https://www.suse.com/support/security/contact/",
         name: "SUSE Product Security Team",
         namespace: "https://www.suse.com/",
      },
      references: [
         {
            category: "external",
            summary: "SUSE ratings",
            url: "https://www.suse.com/support/security/rating/",
         },
         {
            category: "self",
            summary: "URL of this CSAF notice",
            url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_2713-1.json",
         },
         {
            category: "self",
            summary: "URL for SUSE-SU-2022:2713-1",
            url: "https://www.suse.com/support/update/announcement/2022/suse-su-20222713-1/",
         },
         {
            category: "self",
            summary: "E-Mail link for SUSE-SU-2022:2713-1",
            url: "https://lists.suse.com/pipermail/sle-security-updates/2022-August/011832.html",
         },
         {
            category: "self",
            summary: "SUSE Bug 1192146",
            url: "https://bugzilla.suse.com/1192146",
         },
         {
            category: "self",
            summary: "SUSE Bug 1197135",
            url: "https://bugzilla.suse.com/1197135",
         },
         {
            category: "self",
            summary: "SUSE Bug 1197136",
            url: "https://bugzilla.suse.com/1197136",
         },
         {
            category: "self",
            summary: "SUSE Bug 1199044",
            url: "https://bugzilla.suse.com/1199044",
         },
         {
            category: "self",
            summary: "SUSE Bug 1200685",
            url: "https://bugzilla.suse.com/1200685",
         },
         {
            category: "self",
            summary: "SUSE CVE CVE-2021-25219 page",
            url: "https://www.suse.com/security/cve/CVE-2021-25219/",
         },
         {
            category: "self",
            summary: "SUSE CVE CVE-2021-25220 page",
            url: "https://www.suse.com/security/cve/CVE-2021-25220/",
         },
         {
            category: "self",
            summary: "SUSE CVE CVE-2022-0396 page",
            url: "https://www.suse.com/security/cve/CVE-2022-0396/",
         },
      ],
      title: "Security update for bind",
      tracking: {
         current_release_date: "2022-08-09T10:38:14Z",
         generator: {
            date: "2022-08-09T10:38:14Z",
            engine: {
               name: "cve-database.git:bin/generate-csaf.pl",
               version: "1",
            },
         },
         id: "SUSE-SU-2022:2713-1",
         initial_release_date: "2022-08-09T10:38:14Z",
         revision_history: [
            {
               date: "2022-08-09T10:38:14Z",
               number: "1",
               summary: "Current version",
            },
         ],
         status: "final",
         version: "1",
      },
   },
   product_tree: {
      branches: [
         {
            branches: [
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "bind-9.16.31-150400.5.6.1.aarch64",
                        product: {
                           name: "bind-9.16.31-150400.5.6.1.aarch64",
                           product_id: "bind-9.16.31-150400.5.6.1.aarch64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "bind-utils-9.16.31-150400.5.6.1.aarch64",
                        product: {
                           name: "bind-utils-9.16.31-150400.5.6.1.aarch64",
                           product_id: "bind-utils-9.16.31-150400.5.6.1.aarch64",
                        },
                     },
                  ],
                  category: "architecture",
                  name: "aarch64",
               },
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "bind-9.16.31-150400.5.6.1.i586",
                        product: {
                           name: "bind-9.16.31-150400.5.6.1.i586",
                           product_id: "bind-9.16.31-150400.5.6.1.i586",
                        },
                     },
                     {
                        category: "product_version",
                        name: "bind-utils-9.16.31-150400.5.6.1.i586",
                        product: {
                           name: "bind-utils-9.16.31-150400.5.6.1.i586",
                           product_id: "bind-utils-9.16.31-150400.5.6.1.i586",
                        },
                     },
                  ],
                  category: "architecture",
                  name: "i586",
               },
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "bind-doc-9.16.31-150400.5.6.1.noarch",
                        product: {
                           name: "bind-doc-9.16.31-150400.5.6.1.noarch",
                           product_id: "bind-doc-9.16.31-150400.5.6.1.noarch",
                        },
                     },
                     {
                        category: "product_version",
                        name: "python3-bind-9.16.31-150400.5.6.1.noarch",
                        product: {
                           name: "python3-bind-9.16.31-150400.5.6.1.noarch",
                           product_id: "python3-bind-9.16.31-150400.5.6.1.noarch",
                        },
                     },
                  ],
                  category: "architecture",
                  name: "noarch",
               },
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "bind-9.16.31-150400.5.6.1.ppc64le",
                        product: {
                           name: "bind-9.16.31-150400.5.6.1.ppc64le",
                           product_id: "bind-9.16.31-150400.5.6.1.ppc64le",
                        },
                     },
                     {
                        category: "product_version",
                        name: "bind-utils-9.16.31-150400.5.6.1.ppc64le",
                        product: {
                           name: "bind-utils-9.16.31-150400.5.6.1.ppc64le",
                           product_id: "bind-utils-9.16.31-150400.5.6.1.ppc64le",
                        },
                     },
                  ],
                  category: "architecture",
                  name: "ppc64le",
               },
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "bind-9.16.31-150400.5.6.1.s390x",
                        product: {
                           name: "bind-9.16.31-150400.5.6.1.s390x",
                           product_id: "bind-9.16.31-150400.5.6.1.s390x",
                        },
                     },
                     {
                        category: "product_version",
                        name: "bind-utils-9.16.31-150400.5.6.1.s390x",
                        product: {
                           name: "bind-utils-9.16.31-150400.5.6.1.s390x",
                           product_id: "bind-utils-9.16.31-150400.5.6.1.s390x",
                        },
                     },
                  ],
                  category: "architecture",
                  name: "s390x",
               },
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "bind-9.16.31-150400.5.6.1.x86_64",
                        product: {
                           name: "bind-9.16.31-150400.5.6.1.x86_64",
                           product_id: "bind-9.16.31-150400.5.6.1.x86_64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "bind-utils-9.16.31-150400.5.6.1.x86_64",
                        product: {
                           name: "bind-utils-9.16.31-150400.5.6.1.x86_64",
                           product_id: "bind-utils-9.16.31-150400.5.6.1.x86_64",
                        },
                     },
                  ],
                  category: "architecture",
                  name: "x86_64",
               },
               {
                  branches: [
                     {
                        category: "product_name",
                        name: "SUSE Linux Enterprise Module for Basesystem 15 SP4",
                        product: {
                           name: "SUSE Linux Enterprise Module for Basesystem 15 SP4",
                           product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP4",
                           product_identification_helper: {
                              cpe: "cpe:/o:suse:sle-module-basesystem:15:sp4",
                           },
                        },
                     },
                     {
                        category: "product_name",
                        name: "SUSE Linux Enterprise Module for Server Applications 15 SP4",
                        product: {
                           name: "SUSE Linux Enterprise Module for Server Applications 15 SP4",
                           product_id: "SUSE Linux Enterprise Module for Server Applications 15 SP4",
                           product_identification_helper: {
                              cpe: "cpe:/o:suse:sle-module-server-applications:15:sp4",
                           },
                        },
                     },
                     {
                        category: "product_name",
                        name: "openSUSE Leap 15.4",
                        product: {
                           name: "openSUSE Leap 15.4",
                           product_id: "openSUSE Leap 15.4",
                           product_identification_helper: {
                              cpe: "cpe:/o:opensuse:leap:15.4",
                           },
                        },
                     },
                  ],
                  category: "product_family",
                  name: "SUSE Linux Enterprise",
               },
            ],
            category: "vendor",
            name: "SUSE",
         },
      ],
      relationships: [
         {
            category: "default_component_of",
            full_product_name: {
               name: "bind-utils-9.16.31-150400.5.6.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP4",
               product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP4:bind-utils-9.16.31-150400.5.6.1.aarch64",
            },
            product_reference: "bind-utils-9.16.31-150400.5.6.1.aarch64",
            relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP4",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "bind-utils-9.16.31-150400.5.6.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP4",
               product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP4:bind-utils-9.16.31-150400.5.6.1.ppc64le",
            },
            product_reference: "bind-utils-9.16.31-150400.5.6.1.ppc64le",
            relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP4",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "bind-utils-9.16.31-150400.5.6.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP4",
               product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP4:bind-utils-9.16.31-150400.5.6.1.s390x",
            },
            product_reference: "bind-utils-9.16.31-150400.5.6.1.s390x",
            relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP4",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "bind-utils-9.16.31-150400.5.6.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP4",
               product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP4:bind-utils-9.16.31-150400.5.6.1.x86_64",
            },
            product_reference: "bind-utils-9.16.31-150400.5.6.1.x86_64",
            relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP4",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "python3-bind-9.16.31-150400.5.6.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15 SP4",
               product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP4:python3-bind-9.16.31-150400.5.6.1.noarch",
            },
            product_reference: "python3-bind-9.16.31-150400.5.6.1.noarch",
            relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP4",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "bind-9.16.31-150400.5.6.1.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP4",
               product_id: "SUSE Linux Enterprise Module for Server Applications 15 SP4:bind-9.16.31-150400.5.6.1.aarch64",
            },
            product_reference: "bind-9.16.31-150400.5.6.1.aarch64",
            relates_to_product_reference: "SUSE Linux Enterprise Module for Server Applications 15 SP4",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "bind-9.16.31-150400.5.6.1.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15 SP4",
               product_id: "SUSE Linux Enterprise Module for Server Applications 15 SP4:bind-9.16.31-150400.5.6.1.ppc64le",
            },
            product_reference: "bind-9.16.31-150400.5.6.1.ppc64le",
            relates_to_product_reference: "SUSE Linux Enterprise Module for Server Applications 15 SP4",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "bind-9.16.31-150400.5.6.1.s390x as component of SUSE Linux Enterprise Module for Server Applications 15 SP4",
               product_id: "SUSE Linux Enterprise Module for Server Applications 15 SP4:bind-9.16.31-150400.5.6.1.s390x",
            },
            product_reference: "bind-9.16.31-150400.5.6.1.s390x",
            relates_to_product_reference: "SUSE Linux Enterprise Module for Server Applications 15 SP4",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "bind-9.16.31-150400.5.6.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP4",
               product_id: "SUSE Linux Enterprise Module for Server Applications 15 SP4:bind-9.16.31-150400.5.6.1.x86_64",
            },
            product_reference: "bind-9.16.31-150400.5.6.1.x86_64",
            relates_to_product_reference: "SUSE Linux Enterprise Module for Server Applications 15 SP4",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "bind-doc-9.16.31-150400.5.6.1.noarch as component of SUSE Linux Enterprise Module for Server Applications 15 SP4",
               product_id: "SUSE Linux Enterprise Module for Server Applications 15 SP4:bind-doc-9.16.31-150400.5.6.1.noarch",
            },
            product_reference: "bind-doc-9.16.31-150400.5.6.1.noarch",
            relates_to_product_reference: "SUSE Linux Enterprise Module for Server Applications 15 SP4",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "bind-9.16.31-150400.5.6.1.aarch64 as component of openSUSE Leap 15.4",
               product_id: "openSUSE Leap 15.4:bind-9.16.31-150400.5.6.1.aarch64",
            },
            product_reference: "bind-9.16.31-150400.5.6.1.aarch64",
            relates_to_product_reference: "openSUSE Leap 15.4",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "bind-9.16.31-150400.5.6.1.ppc64le as component of openSUSE Leap 15.4",
               product_id: "openSUSE Leap 15.4:bind-9.16.31-150400.5.6.1.ppc64le",
            },
            product_reference: "bind-9.16.31-150400.5.6.1.ppc64le",
            relates_to_product_reference: "openSUSE Leap 15.4",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "bind-9.16.31-150400.5.6.1.s390x as component of openSUSE Leap 15.4",
               product_id: "openSUSE Leap 15.4:bind-9.16.31-150400.5.6.1.s390x",
            },
            product_reference: "bind-9.16.31-150400.5.6.1.s390x",
            relates_to_product_reference: "openSUSE Leap 15.4",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "bind-9.16.31-150400.5.6.1.x86_64 as component of openSUSE Leap 15.4",
               product_id: "openSUSE Leap 15.4:bind-9.16.31-150400.5.6.1.x86_64",
            },
            product_reference: "bind-9.16.31-150400.5.6.1.x86_64",
            relates_to_product_reference: "openSUSE Leap 15.4",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "bind-doc-9.16.31-150400.5.6.1.noarch as component of openSUSE Leap 15.4",
               product_id: "openSUSE Leap 15.4:bind-doc-9.16.31-150400.5.6.1.noarch",
            },
            product_reference: "bind-doc-9.16.31-150400.5.6.1.noarch",
            relates_to_product_reference: "openSUSE Leap 15.4",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "bind-utils-9.16.31-150400.5.6.1.aarch64 as component of openSUSE Leap 15.4",
               product_id: "openSUSE Leap 15.4:bind-utils-9.16.31-150400.5.6.1.aarch64",
            },
            product_reference: "bind-utils-9.16.31-150400.5.6.1.aarch64",
            relates_to_product_reference: "openSUSE Leap 15.4",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "bind-utils-9.16.31-150400.5.6.1.ppc64le as component of openSUSE Leap 15.4",
               product_id: "openSUSE Leap 15.4:bind-utils-9.16.31-150400.5.6.1.ppc64le",
            },
            product_reference: "bind-utils-9.16.31-150400.5.6.1.ppc64le",
            relates_to_product_reference: "openSUSE Leap 15.4",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "bind-utils-9.16.31-150400.5.6.1.s390x as component of openSUSE Leap 15.4",
               product_id: "openSUSE Leap 15.4:bind-utils-9.16.31-150400.5.6.1.s390x",
            },
            product_reference: "bind-utils-9.16.31-150400.5.6.1.s390x",
            relates_to_product_reference: "openSUSE Leap 15.4",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "bind-utils-9.16.31-150400.5.6.1.x86_64 as component of openSUSE Leap 15.4",
               product_id: "openSUSE Leap 15.4:bind-utils-9.16.31-150400.5.6.1.x86_64",
            },
            product_reference: "bind-utils-9.16.31-150400.5.6.1.x86_64",
            relates_to_product_reference: "openSUSE Leap 15.4",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "python3-bind-9.16.31-150400.5.6.1.noarch as component of openSUSE Leap 15.4",
               product_id: "openSUSE Leap 15.4:python3-bind-9.16.31-150400.5.6.1.noarch",
            },
            product_reference: "python3-bind-9.16.31-150400.5.6.1.noarch",
            relates_to_product_reference: "openSUSE Leap 15.4",
         },
      ],
   },
   vulnerabilities: [
      {
         cve: "CVE-2021-25219",
         ids: [
            {
               system_name: "SUSE CVE Page",
               text: "https://www.suse.com/security/cve/CVE-2021-25219",
            },
         ],
         notes: [
            {
               category: "general",
               text: "In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a flaw in response processing can cause degradation in BIND resolver performance. The way the lame cache is currently designed makes it possible for its internal data structures to grow almost infinitely, which may cause significant delays in client query processing.",
               title: "CVE description",
            },
         ],
         product_status: {
            recommended: [
               "SUSE Linux Enterprise Module for Basesystem 15 SP4:bind-utils-9.16.31-150400.5.6.1.aarch64",
               "SUSE Linux Enterprise Module for Basesystem 15 SP4:bind-utils-9.16.31-150400.5.6.1.ppc64le",
               "SUSE Linux Enterprise Module for Basesystem 15 SP4:bind-utils-9.16.31-150400.5.6.1.s390x",
               "SUSE Linux Enterprise Module for Basesystem 15 SP4:bind-utils-9.16.31-150400.5.6.1.x86_64",
               "SUSE Linux Enterprise Module for Basesystem 15 SP4:python3-bind-9.16.31-150400.5.6.1.noarch",
               "SUSE Linux Enterprise Module for Server Applications 15 SP4:bind-9.16.31-150400.5.6.1.aarch64",
               "SUSE Linux Enterprise Module for Server Applications 15 SP4:bind-9.16.31-150400.5.6.1.ppc64le",
               "SUSE Linux Enterprise Module for Server Applications 15 SP4:bind-9.16.31-150400.5.6.1.s390x",
               "SUSE Linux Enterprise Module for Server Applications 15 SP4:bind-9.16.31-150400.5.6.1.x86_64",
               "SUSE Linux Enterprise Module for Server Applications 15 SP4:bind-doc-9.16.31-150400.5.6.1.noarch",
               "openSUSE Leap 15.4:bind-9.16.31-150400.5.6.1.aarch64",
               "openSUSE Leap 15.4:bind-9.16.31-150400.5.6.1.ppc64le",
               "openSUSE Leap 15.4:bind-9.16.31-150400.5.6.1.s390x",
               "openSUSE Leap 15.4:bind-9.16.31-150400.5.6.1.x86_64",
               "openSUSE Leap 15.4:bind-doc-9.16.31-150400.5.6.1.noarch",
               "openSUSE Leap 15.4:bind-utils-9.16.31-150400.5.6.1.aarch64",
               "openSUSE Leap 15.4:bind-utils-9.16.31-150400.5.6.1.ppc64le",
               "openSUSE Leap 15.4:bind-utils-9.16.31-150400.5.6.1.s390x",
               "openSUSE Leap 15.4:bind-utils-9.16.31-150400.5.6.1.x86_64",
               "openSUSE Leap 15.4:python3-bind-9.16.31-150400.5.6.1.noarch",
            ],
         },
         references: [
            {
               category: "external",
               summary: "CVE-2021-25219",
               url: "https://www.suse.com/security/cve/CVE-2021-25219",
            },
            {
               category: "external",
               summary: "SUSE Bug 1192146 for CVE-2021-25219",
               url: "https://bugzilla.suse.com/1192146",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
               product_ids: [
                  "SUSE Linux Enterprise Module for Basesystem 15 SP4:bind-utils-9.16.31-150400.5.6.1.aarch64",
                  "SUSE Linux Enterprise Module for Basesystem 15 SP4:bind-utils-9.16.31-150400.5.6.1.ppc64le",
                  "SUSE Linux Enterprise Module for Basesystem 15 SP4:bind-utils-9.16.31-150400.5.6.1.s390x",
                  "SUSE Linux Enterprise Module for Basesystem 15 SP4:bind-utils-9.16.31-150400.5.6.1.x86_64",
                  "SUSE Linux Enterprise Module for Basesystem 15 SP4:python3-bind-9.16.31-150400.5.6.1.noarch",
                  "SUSE Linux Enterprise Module for Server Applications 15 SP4:bind-9.16.31-150400.5.6.1.aarch64",
                  "SUSE Linux Enterprise Module for Server Applications 15 SP4:bind-9.16.31-150400.5.6.1.ppc64le",
                  "SUSE Linux Enterprise Module for Server Applications 15 SP4:bind-9.16.31-150400.5.6.1.s390x",
                  "SUSE Linux Enterprise Module for Server Applications 15 SP4:bind-9.16.31-150400.5.6.1.x86_64",
                  "SUSE Linux Enterprise Module for Server Applications 15 SP4:bind-doc-9.16.31-150400.5.6.1.noarch",
                  "openSUSE Leap 15.4:bind-9.16.31-150400.5.6.1.aarch64",
                  "openSUSE Leap 15.4:bind-9.16.31-150400.5.6.1.ppc64le",
                  "openSUSE Leap 15.4:bind-9.16.31-150400.5.6.1.s390x",
                  "openSUSE Leap 15.4:bind-9.16.31-150400.5.6.1.x86_64",
                  "openSUSE Leap 15.4:bind-doc-9.16.31-150400.5.6.1.noarch",
                  "openSUSE Leap 15.4:bind-utils-9.16.31-150400.5.6.1.aarch64",
                  "openSUSE Leap 15.4:bind-utils-9.16.31-150400.5.6.1.ppc64le",
                  "openSUSE Leap 15.4:bind-utils-9.16.31-150400.5.6.1.s390x",
                  "openSUSE Leap 15.4:bind-utils-9.16.31-150400.5.6.1.x86_64",
                  "openSUSE Leap 15.4:python3-bind-9.16.31-150400.5.6.1.noarch",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                  version: "3.1",
               },
               products: [
                  "SUSE Linux Enterprise Module for Basesystem 15 SP4:bind-utils-9.16.31-150400.5.6.1.aarch64",
                  "SUSE Linux Enterprise Module for Basesystem 15 SP4:bind-utils-9.16.31-150400.5.6.1.ppc64le",
                  "SUSE Linux Enterprise Module for Basesystem 15 SP4:bind-utils-9.16.31-150400.5.6.1.s390x",
                  "SUSE Linux Enterprise Module for Basesystem 15 SP4:bind-utils-9.16.31-150400.5.6.1.x86_64",
                  "SUSE Linux Enterprise Module for Basesystem 15 SP4:python3-bind-9.16.31-150400.5.6.1.noarch",
                  "SUSE Linux Enterprise Module for Server Applications 15 SP4:bind-9.16.31-150400.5.6.1.aarch64",
                  "SUSE Linux Enterprise Module for Server Applications 15 SP4:bind-9.16.31-150400.5.6.1.ppc64le",
                  "SUSE Linux Enterprise Module for Server Applications 15 SP4:bind-9.16.31-150400.5.6.1.s390x",
                  "SUSE Linux Enterprise Module for Server Applications 15 SP4:bind-9.16.31-150400.5.6.1.x86_64",
                  "SUSE Linux Enterprise Module for Server Applications 15 SP4:bind-doc-9.16.31-150400.5.6.1.noarch",
                  "openSUSE Leap 15.4:bind-9.16.31-150400.5.6.1.aarch64",
                  "openSUSE Leap 15.4:bind-9.16.31-150400.5.6.1.ppc64le",
                  "openSUSE Leap 15.4:bind-9.16.31-150400.5.6.1.s390x",
                  "openSUSE Leap 15.4:bind-9.16.31-150400.5.6.1.x86_64",
                  "openSUSE Leap 15.4:bind-doc-9.16.31-150400.5.6.1.noarch",
                  "openSUSE Leap 15.4:bind-utils-9.16.31-150400.5.6.1.aarch64",
                  "openSUSE Leap 15.4:bind-utils-9.16.31-150400.5.6.1.ppc64le",
                  "openSUSE Leap 15.4:bind-utils-9.16.31-150400.5.6.1.s390x",
                  "openSUSE Leap 15.4:bind-utils-9.16.31-150400.5.6.1.x86_64",
                  "openSUSE Leap 15.4:python3-bind-9.16.31-150400.5.6.1.noarch",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               date: "2022-08-09T10:38:14Z",
               details: "moderate",
            },
         ],
         title: "CVE-2021-25219",
      },
      {
         cve: "CVE-2021-25220",
         ids: [
            {
               system_name: "SUSE CVE Page",
               text: "https://www.suse.com/security/cve/CVE-2021-25220",
            },
         ],
         notes: [
            {
               category: "general",
               text: "BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL. The cache could become poisoned with incorrect records leading to queries being made to the wrong servers, which might also result in false information being returned to clients.",
               title: "CVE description",
            },
         ],
         product_status: {
            recommended: [
               "SUSE Linux Enterprise Module for Basesystem 15 SP4:bind-utils-9.16.31-150400.5.6.1.aarch64",
               "SUSE Linux Enterprise Module for Basesystem 15 SP4:bind-utils-9.16.31-150400.5.6.1.ppc64le",
               "SUSE Linux Enterprise Module for Basesystem 15 SP4:bind-utils-9.16.31-150400.5.6.1.s390x",
               "SUSE Linux Enterprise Module for Basesystem 15 SP4:bind-utils-9.16.31-150400.5.6.1.x86_64",
               "SUSE Linux Enterprise Module for Basesystem 15 SP4:python3-bind-9.16.31-150400.5.6.1.noarch",
               "SUSE Linux Enterprise Module for Server Applications 15 SP4:bind-9.16.31-150400.5.6.1.aarch64",
               "SUSE Linux Enterprise Module for Server Applications 15 SP4:bind-9.16.31-150400.5.6.1.ppc64le",
               "SUSE Linux Enterprise Module for Server Applications 15 SP4:bind-9.16.31-150400.5.6.1.s390x",
               "SUSE Linux Enterprise Module for Server Applications 15 SP4:bind-9.16.31-150400.5.6.1.x86_64",
               "SUSE Linux Enterprise Module for Server Applications 15 SP4:bind-doc-9.16.31-150400.5.6.1.noarch",
               "openSUSE Leap 15.4:bind-9.16.31-150400.5.6.1.aarch64",
               "openSUSE Leap 15.4:bind-9.16.31-150400.5.6.1.ppc64le",
               "openSUSE Leap 15.4:bind-9.16.31-150400.5.6.1.s390x",
               "openSUSE Leap 15.4:bind-9.16.31-150400.5.6.1.x86_64",
               "openSUSE Leap 15.4:bind-doc-9.16.31-150400.5.6.1.noarch",
               "openSUSE Leap 15.4:bind-utils-9.16.31-150400.5.6.1.aarch64",
               "openSUSE Leap 15.4:bind-utils-9.16.31-150400.5.6.1.ppc64le",
               "openSUSE Leap 15.4:bind-utils-9.16.31-150400.5.6.1.s390x",
               "openSUSE Leap 15.4:bind-utils-9.16.31-150400.5.6.1.x86_64",
               "openSUSE Leap 15.4:python3-bind-9.16.31-150400.5.6.1.noarch",
            ],
         },
         references: [
            {
               category: "external",
               summary: "CVE-2021-25220",
               url: "https://www.suse.com/security/cve/CVE-2021-25220",
            },
            {
               category: "external",
               summary: "SUSE Bug 1197135 for CVE-2021-25220",
               url: "https://bugzilla.suse.com/1197135",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
               product_ids: [
                  "SUSE Linux Enterprise Module for Basesystem 15 SP4:bind-utils-9.16.31-150400.5.6.1.aarch64",
                  "SUSE Linux Enterprise Module for Basesystem 15 SP4:bind-utils-9.16.31-150400.5.6.1.ppc64le",
                  "SUSE Linux Enterprise Module for Basesystem 15 SP4:bind-utils-9.16.31-150400.5.6.1.s390x",
                  "SUSE Linux Enterprise Module for Basesystem 15 SP4:bind-utils-9.16.31-150400.5.6.1.x86_64",
                  "SUSE Linux Enterprise Module for Basesystem 15 SP4:python3-bind-9.16.31-150400.5.6.1.noarch",
                  "SUSE Linux Enterprise Module for Server Applications 15 SP4:bind-9.16.31-150400.5.6.1.aarch64",
                  "SUSE Linux Enterprise Module for Server Applications 15 SP4:bind-9.16.31-150400.5.6.1.ppc64le",
                  "SUSE Linux Enterprise Module for Server Applications 15 SP4:bind-9.16.31-150400.5.6.1.s390x",
                  "SUSE Linux Enterprise Module for Server Applications 15 SP4:bind-9.16.31-150400.5.6.1.x86_64",
                  "SUSE Linux Enterprise Module for Server Applications 15 SP4:bind-doc-9.16.31-150400.5.6.1.noarch",
                  "openSUSE Leap 15.4:bind-9.16.31-150400.5.6.1.aarch64",
                  "openSUSE Leap 15.4:bind-9.16.31-150400.5.6.1.ppc64le",
                  "openSUSE Leap 15.4:bind-9.16.31-150400.5.6.1.s390x",
                  "openSUSE Leap 15.4:bind-9.16.31-150400.5.6.1.x86_64",
                  "openSUSE Leap 15.4:bind-doc-9.16.31-150400.5.6.1.noarch",
                  "openSUSE Leap 15.4:bind-utils-9.16.31-150400.5.6.1.aarch64",
                  "openSUSE Leap 15.4:bind-utils-9.16.31-150400.5.6.1.ppc64le",
                  "openSUSE Leap 15.4:bind-utils-9.16.31-150400.5.6.1.s390x",
                  "openSUSE Leap 15.4:bind-utils-9.16.31-150400.5.6.1.x86_64",
                  "openSUSE Leap 15.4:python3-bind-9.16.31-150400.5.6.1.noarch",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  baseScore: 6.8,
                  baseSeverity: "MEDIUM",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N",
                  version: "3.1",
               },
               products: [
                  "SUSE Linux Enterprise Module for Basesystem 15 SP4:bind-utils-9.16.31-150400.5.6.1.aarch64",
                  "SUSE Linux Enterprise Module for Basesystem 15 SP4:bind-utils-9.16.31-150400.5.6.1.ppc64le",
                  "SUSE Linux Enterprise Module for Basesystem 15 SP4:bind-utils-9.16.31-150400.5.6.1.s390x",
                  "SUSE Linux Enterprise Module for Basesystem 15 SP4:bind-utils-9.16.31-150400.5.6.1.x86_64",
                  "SUSE Linux Enterprise Module for Basesystem 15 SP4:python3-bind-9.16.31-150400.5.6.1.noarch",
                  "SUSE Linux Enterprise Module for Server Applications 15 SP4:bind-9.16.31-150400.5.6.1.aarch64",
                  "SUSE Linux Enterprise Module for Server Applications 15 SP4:bind-9.16.31-150400.5.6.1.ppc64le",
                  "SUSE Linux Enterprise Module for Server Applications 15 SP4:bind-9.16.31-150400.5.6.1.s390x",
                  "SUSE Linux Enterprise Module for Server Applications 15 SP4:bind-9.16.31-150400.5.6.1.x86_64",
                  "SUSE Linux Enterprise Module for Server Applications 15 SP4:bind-doc-9.16.31-150400.5.6.1.noarch",
                  "openSUSE Leap 15.4:bind-9.16.31-150400.5.6.1.aarch64",
                  "openSUSE Leap 15.4:bind-9.16.31-150400.5.6.1.ppc64le",
                  "openSUSE Leap 15.4:bind-9.16.31-150400.5.6.1.s390x",
                  "openSUSE Leap 15.4:bind-9.16.31-150400.5.6.1.x86_64",
                  "openSUSE Leap 15.4:bind-doc-9.16.31-150400.5.6.1.noarch",
                  "openSUSE Leap 15.4:bind-utils-9.16.31-150400.5.6.1.aarch64",
                  "openSUSE Leap 15.4:bind-utils-9.16.31-150400.5.6.1.ppc64le",
                  "openSUSE Leap 15.4:bind-utils-9.16.31-150400.5.6.1.s390x",
                  "openSUSE Leap 15.4:bind-utils-9.16.31-150400.5.6.1.x86_64",
                  "openSUSE Leap 15.4:python3-bind-9.16.31-150400.5.6.1.noarch",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               date: "2022-08-09T10:38:14Z",
               details: "moderate",
            },
         ],
         title: "CVE-2021-25220",
      },
      {
         cve: "CVE-2022-0396",
         ids: [
            {
               system_name: "SUSE CVE Page",
               text: "https://www.suse.com/security/cve/CVE-2022-0396",
            },
         ],
         notes: [
            {
               category: "general",
               text: "BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition. Specifically crafted TCP streams can cause connections to BIND to remain in CLOSE_WAIT status for an indefinite period of time, even after the client has terminated the connection.",
               title: "CVE description",
            },
         ],
         product_status: {
            recommended: [
               "SUSE Linux Enterprise Module for Basesystem 15 SP4:bind-utils-9.16.31-150400.5.6.1.aarch64",
               "SUSE Linux Enterprise Module for Basesystem 15 SP4:bind-utils-9.16.31-150400.5.6.1.ppc64le",
               "SUSE Linux Enterprise Module for Basesystem 15 SP4:bind-utils-9.16.31-150400.5.6.1.s390x",
               "SUSE Linux Enterprise Module for Basesystem 15 SP4:bind-utils-9.16.31-150400.5.6.1.x86_64",
               "SUSE Linux Enterprise Module for Basesystem 15 SP4:python3-bind-9.16.31-150400.5.6.1.noarch",
               "SUSE Linux Enterprise Module for Server Applications 15 SP4:bind-9.16.31-150400.5.6.1.aarch64",
               "SUSE Linux Enterprise Module for Server Applications 15 SP4:bind-9.16.31-150400.5.6.1.ppc64le",
               "SUSE Linux Enterprise Module for Server Applications 15 SP4:bind-9.16.31-150400.5.6.1.s390x",
               "SUSE Linux Enterprise Module for Server Applications 15 SP4:bind-9.16.31-150400.5.6.1.x86_64",
               "SUSE Linux Enterprise Module for Server Applications 15 SP4:bind-doc-9.16.31-150400.5.6.1.noarch",
               "openSUSE Leap 15.4:bind-9.16.31-150400.5.6.1.aarch64",
               "openSUSE Leap 15.4:bind-9.16.31-150400.5.6.1.ppc64le",
               "openSUSE Leap 15.4:bind-9.16.31-150400.5.6.1.s390x",
               "openSUSE Leap 15.4:bind-9.16.31-150400.5.6.1.x86_64",
               "openSUSE Leap 15.4:bind-doc-9.16.31-150400.5.6.1.noarch",
               "openSUSE Leap 15.4:bind-utils-9.16.31-150400.5.6.1.aarch64",
               "openSUSE Leap 15.4:bind-utils-9.16.31-150400.5.6.1.ppc64le",
               "openSUSE Leap 15.4:bind-utils-9.16.31-150400.5.6.1.s390x",
               "openSUSE Leap 15.4:bind-utils-9.16.31-150400.5.6.1.x86_64",
               "openSUSE Leap 15.4:python3-bind-9.16.31-150400.5.6.1.noarch",
            ],
         },
         references: [
            {
               category: "external",
               summary: "CVE-2022-0396",
               url: "https://www.suse.com/security/cve/CVE-2022-0396",
            },
            {
               category: "external",
               summary: "SUSE Bug 1197136 for CVE-2022-0396",
               url: "https://bugzilla.suse.com/1197136",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
               product_ids: [
                  "SUSE Linux Enterprise Module for Basesystem 15 SP4:bind-utils-9.16.31-150400.5.6.1.aarch64",
                  "SUSE Linux Enterprise Module for Basesystem 15 SP4:bind-utils-9.16.31-150400.5.6.1.ppc64le",
                  "SUSE Linux Enterprise Module for Basesystem 15 SP4:bind-utils-9.16.31-150400.5.6.1.s390x",
                  "SUSE Linux Enterprise Module for Basesystem 15 SP4:bind-utils-9.16.31-150400.5.6.1.x86_64",
                  "SUSE Linux Enterprise Module for Basesystem 15 SP4:python3-bind-9.16.31-150400.5.6.1.noarch",
                  "SUSE Linux Enterprise Module for Server Applications 15 SP4:bind-9.16.31-150400.5.6.1.aarch64",
                  "SUSE Linux Enterprise Module for Server Applications 15 SP4:bind-9.16.31-150400.5.6.1.ppc64le",
                  "SUSE Linux Enterprise Module for Server Applications 15 SP4:bind-9.16.31-150400.5.6.1.s390x",
                  "SUSE Linux Enterprise Module for Server Applications 15 SP4:bind-9.16.31-150400.5.6.1.x86_64",
                  "SUSE Linux Enterprise Module for Server Applications 15 SP4:bind-doc-9.16.31-150400.5.6.1.noarch",
                  "openSUSE Leap 15.4:bind-9.16.31-150400.5.6.1.aarch64",
                  "openSUSE Leap 15.4:bind-9.16.31-150400.5.6.1.ppc64le",
                  "openSUSE Leap 15.4:bind-9.16.31-150400.5.6.1.s390x",
                  "openSUSE Leap 15.4:bind-9.16.31-150400.5.6.1.x86_64",
                  "openSUSE Leap 15.4:bind-doc-9.16.31-150400.5.6.1.noarch",
                  "openSUSE Leap 15.4:bind-utils-9.16.31-150400.5.6.1.aarch64",
                  "openSUSE Leap 15.4:bind-utils-9.16.31-150400.5.6.1.ppc64le",
                  "openSUSE Leap 15.4:bind-utils-9.16.31-150400.5.6.1.s390x",
                  "openSUSE Leap 15.4:bind-utils-9.16.31-150400.5.6.1.x86_64",
                  "openSUSE Leap 15.4:python3-bind-9.16.31-150400.5.6.1.noarch",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                  version: "3.1",
               },
               products: [
                  "SUSE Linux Enterprise Module for Basesystem 15 SP4:bind-utils-9.16.31-150400.5.6.1.aarch64",
                  "SUSE Linux Enterprise Module for Basesystem 15 SP4:bind-utils-9.16.31-150400.5.6.1.ppc64le",
                  "SUSE Linux Enterprise Module for Basesystem 15 SP4:bind-utils-9.16.31-150400.5.6.1.s390x",
                  "SUSE Linux Enterprise Module for Basesystem 15 SP4:bind-utils-9.16.31-150400.5.6.1.x86_64",
                  "SUSE Linux Enterprise Module for Basesystem 15 SP4:python3-bind-9.16.31-150400.5.6.1.noarch",
                  "SUSE Linux Enterprise Module for Server Applications 15 SP4:bind-9.16.31-150400.5.6.1.aarch64",
                  "SUSE Linux Enterprise Module for Server Applications 15 SP4:bind-9.16.31-150400.5.6.1.ppc64le",
                  "SUSE Linux Enterprise Module for Server Applications 15 SP4:bind-9.16.31-150400.5.6.1.s390x",
                  "SUSE Linux Enterprise Module for Server Applications 15 SP4:bind-9.16.31-150400.5.6.1.x86_64",
                  "SUSE Linux Enterprise Module for Server Applications 15 SP4:bind-doc-9.16.31-150400.5.6.1.noarch",
                  "openSUSE Leap 15.4:bind-9.16.31-150400.5.6.1.aarch64",
                  "openSUSE Leap 15.4:bind-9.16.31-150400.5.6.1.ppc64le",
                  "openSUSE Leap 15.4:bind-9.16.31-150400.5.6.1.s390x",
                  "openSUSE Leap 15.4:bind-9.16.31-150400.5.6.1.x86_64",
                  "openSUSE Leap 15.4:bind-doc-9.16.31-150400.5.6.1.noarch",
                  "openSUSE Leap 15.4:bind-utils-9.16.31-150400.5.6.1.aarch64",
                  "openSUSE Leap 15.4:bind-utils-9.16.31-150400.5.6.1.ppc64le",
                  "openSUSE Leap 15.4:bind-utils-9.16.31-150400.5.6.1.s390x",
                  "openSUSE Leap 15.4:bind-utils-9.16.31-150400.5.6.1.x86_64",
                  "openSUSE Leap 15.4:python3-bind-9.16.31-150400.5.6.1.noarch",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               date: "2022-08-09T10:38:14Z",
               details: "moderate",
            },
         ],
         title: "CVE-2022-0396",
      },
   ],
}

cve-2022-0396

Vulnerability from cvelistv5

Published

2022-03-23 10:45

Modified

2024-09-16 19:05

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition. Specifically crafted TCP streams can cause connections to BIND to remain in CLOSE_WAIT status for an indefinite period of time, even after the client has terminated the connection.

References

▼	URL	Tags
	https://kb.isc.org/v1/docs/cve-2022-0396
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYD7US4HZRFUGAJ66ZTHFBYVP5N3OQBY/	vendor-advisory
	https://security.netapp.com/advisory/ntap-20220408-0001/
	https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf
	https://security.gentoo.org/glsa/202210-25	vendor-advisory

Impacted products

	Vendor	Product	Version
	ISC	BIND	Version: Open Source Branch 9.16 9.16.11 through versions before 9.16.27 Version: Development Branch 9.17 BIND 9.17 all versions Version: Open Source Branch 9.18 9.18.0 Version: Supported Preview Branch 9.16-S 9.16.11-S through versions before 9.16.27-S

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T23:25:40.544Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://kb.isc.org/v1/docs/cve-2022-0396",
               },
               {
                  name: "FEDORA-2022-14e36aac0c",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYD7US4HZRFUGAJ66ZTHFBYVP5N3OQBY/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20220408-0001/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf",
               },
               {
                  name: "GLSA-202210-25",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202210-25",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "BIND",
               vendor: "ISC",
               versions: [
                  {
                     status: "affected",
                     version: "Open Source Branch 9.16 9.16.11 through versions before 9.16.27",
                  },
                  {
                     status: "affected",
                     version: "Development Branch 9.17 BIND 9.17 all versions",
                  },
                  {
                     status: "affected",
                     version: "Open Source Branch 9.18 9.18.0",
                  },
                  {
                     status: "affected",
                     version: "Supported Preview Branch 9.16-S 9.16.11-S through versions before 9.16.27-S",
                  },
               ],
            },
         ],
         datePublic: "2022-03-16T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition. Specifically crafted TCP streams can cause connections to BIND to remain in CLOSE_WAIT status for an indefinite period of time, even after the client has terminated the connection.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "LOW",
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "ISC recently discovered an issue in BIND that allows TCP connection slots to be consumed for an indefinite time frame via a specifically crafted TCP stream sent from a client. This issue is present in BIND. BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition. 9.16.11 to 9.16.26 (including S editions), and 9.18.0. This issue can only be triggered on BIND servers which have keep-response-order enabled, which is not the default configuration. The keep-response-order option is an ACL block; any hosts which are specified within it will be able to trigger this issue on affected versions. BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition.",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-10-31T00:00:00",
            orgId: "404fd4d2-a609-4245-b543-2c944a302a22",
            shortName: "isc",
         },
         references: [
            {
               url: "https://kb.isc.org/v1/docs/cve-2022-0396",
            },
            {
               name: "FEDORA-2022-14e36aac0c",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYD7US4HZRFUGAJ66ZTHFBYVP5N3OQBY/",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20220408-0001/",
            },
            {
               url: "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf",
            },
            {
               name: "GLSA-202210-25",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202210-25",
            },
         ],
         solutions: [
            {
               lang: "en",
               value: "Upgrade to the patched release most closely related to your current version of BIND:\n    9.16.27\n    9.18.1\nBIND Supported Preview Edition is a special feature-preview branch of BIND provided to eligible ISC support customers.\n    9.16.27-S1",
            },
         ],
         source: {
            discovery: "INTERNAL",
         },
         title: "DoS from specifically crafted TCP packets",
         workarounds: [
            {
               lang: "en",
               value: "To mitigate this issue in all affected versions of BIND, use the default setting of keep-response-order { none; }.\nActive exploits: We are not aware of any active exploits.",
            },
         ],
         x_generator: {
            engine: "Vulnogram 0.0.9",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "404fd4d2-a609-4245-b543-2c944a302a22",
      assignerShortName: "isc",
      cveId: "CVE-2022-0396",
      datePublished: "2022-03-23T10:45:13.589095Z",
      dateReserved: "2022-01-27T00:00:00",
      dateUpdated: "2024-09-16T19:05:24.544Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-25220

Vulnerability from cvelistv5

Published

2022-03-23 12:50

Modified

2024-09-16 17:08

Severity ?

6.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N

Summary

BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL. The cache could become poisoned with incorrect records leading to queries being made to the wrong servers, which might also result in false information being returned to clients.

References

▼	URL	Tags
	https://kb.isc.org/v1/docs/cve-2021-25220
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYD7US4HZRFUGAJ66ZTHFBYVP5N3OQBY/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/API7U5E7SX7BAAVFNW366FFJGD6NZZKV/	vendor-advisory
	https://security.netapp.com/advisory/ntap-20220408-0001/
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5VX3I2U3ICOIEI5Y7OYA6CHOLFMNH3YQ/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SXT7247QTKNBQ67MNRGZD23ADXU6E5U/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DE3UAVCPUMAKG27ZL5YXSP2C3RIOW3JZ/	vendor-advisory
	https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf
	https://security.gentoo.org/glsa/202210-25	vendor-advisory
	https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-SRX-Series-Cache-poisoning-vulnerability-in-BIND-used-by-DNS-Proxy-CVE-2021-25220?language=en_US

Impacted products

	Vendor	Product	Version
	ISC	BIND	Version: Open Source Branch 9.11 9.11.0 through versions before 9.11.37 Version: Development Branch 9.17 BIND 9.17 all version Version: Open Source Branch 9.12-16 9.12.0 through versions before 9.16.27 Version: Open Source Branch 9.18 9.18.0 Version: Supported Preview Branch 9.11-S 9.11.0-S through versions before 9.11.37-S Version: Supported Preview Branch 9.16-S 9.16.0-S through versions before 9.16.27-S

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T19:56:11.083Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://kb.isc.org/v1/docs/cve-2021-25220",
               },
               {
                  name: "FEDORA-2022-14e36aac0c",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYD7US4HZRFUGAJ66ZTHFBYVP5N3OQBY/",
               },
               {
                  name: "FEDORA-2022-042d9c6146",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/API7U5E7SX7BAAVFNW366FFJGD6NZZKV/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20220408-0001/",
               },
               {
                  name: "FEDORA-2022-a88218de5c",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5VX3I2U3ICOIEI5Y7OYA6CHOLFMNH3YQ/",
               },
               {
                  name: "FEDORA-2022-05918f0838",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SXT7247QTKNBQ67MNRGZD23ADXU6E5U/",
               },
               {
                  name: "FEDORA-2022-3f293290c3",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DE3UAVCPUMAKG27ZL5YXSP2C3RIOW3JZ/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf",
               },
               {
                  name: "GLSA-202210-25",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202210-25",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-SRX-Series-Cache-poisoning-vulnerability-in-BIND-used-by-DNS-Proxy-CVE-2021-25220?language=en_US",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "BIND",
               vendor: "ISC",
               versions: [
                  {
                     status: "affected",
                     version: "Open Source Branch 9.11  9.11.0 through versions before 9.11.37",
                  },
                  {
                     status: "affected",
                     version: "Development Branch 9.17  BIND 9.17 all version",
                  },
                  {
                     status: "affected",
                     version: "Open Source Branch 9.12-16  9.12.0 through versions before 9.16.27",
                  },
                  {
                     status: "affected",
                     version: "Open Source Branch 9.18 9.18.0",
                  },
                  {
                     status: "affected",
                     version: "Supported Preview Branch 9.11-S 9.11.0-S through versions before 9.11.37-S",
                  },
                  {
                     status: "affected",
                     version: "Supported Preview Branch 9.16-S  9.16.0-S through versions before 9.16.27-S",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               value: "ISC would like to thank Xiang Li, Baojun Liu, and Chaoyi Lu from Network and Information Security Lab, Tsinghua University and Changgen Zou from Qi An Xin Group Corp. for discovering and reporting this issue.",
            },
         ],
         datePublic: "2022-03-16T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL. The cache could become poisoned with incorrect records leading to queries being made to the wrong servers, which might also result in false information being returned to clients.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 6.8,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "HIGH",
                  privilegesRequired: "HIGH",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "When using forwarders, bogus NS records supplied by, or via, those forwarders may be cached and used by named if it needs to recurse for any reason, causing it to obtain and pass on potentially incorrect answers. Some examples of configurations that will be vulnerable are:     Resolvers using per zone or global forwarding with forward first (forward first is the default).     Resolvers not using global forwarding, but with per-zone forwarding with either forward first (the default) or forward only.     Resolvers configured with global forwarding along with zone statements that disable forwarding for part of the DNS namespace. Authoritative-only BIND 9 servers are not vulnerable to this flaw. BIND     9.11.0 -> 9.11.36     9.12.0 -> 9.16.26     9.17.0 -> 9.18.0 BIND Supported Preview Editions:     9.11.4-S1 -> 9.11.36-S1     9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL.",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-07-23T00:00:00",
            orgId: "404fd4d2-a609-4245-b543-2c944a302a22",
            shortName: "isc",
         },
         references: [
            {
               url: "https://kb.isc.org/v1/docs/cve-2021-25220",
            },
            {
               name: "FEDORA-2022-14e36aac0c",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYD7US4HZRFUGAJ66ZTHFBYVP5N3OQBY/",
            },
            {
               name: "FEDORA-2022-042d9c6146",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/API7U5E7SX7BAAVFNW366FFJGD6NZZKV/",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20220408-0001/",
            },
            {
               name: "FEDORA-2022-a88218de5c",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5VX3I2U3ICOIEI5Y7OYA6CHOLFMNH3YQ/",
            },
            {
               name: "FEDORA-2022-05918f0838",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SXT7247QTKNBQ67MNRGZD23ADXU6E5U/",
            },
            {
               name: "FEDORA-2022-3f293290c3",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DE3UAVCPUMAKG27ZL5YXSP2C3RIOW3JZ/",
            },
            {
               url: "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf",
            },
            {
               name: "GLSA-202210-25",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202210-25",
            },
            {
               url: "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-SRX-Series-Cache-poisoning-vulnerability-in-BIND-used-by-DNS-Proxy-CVE-2021-25220?language=en_US",
            },
         ],
         solutions: [
            {
               lang: "en",
               value: "Upgrade to the patched release most closely related to your current version of BIND:\n    BIND 9.11.37\n    BIND 9.16.27\n    BIND 9.18.1\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n    BIND 9.11.37-S1\n    BIND 9.16.27-S1",
            },
         ],
         source: {
            discovery: "EXTERNAL",
         },
         title: "DNS forwarders - cache poisoning vulnerability",
         workarounds: [
            {
               lang: "en",
               value: "If applicable, modify your configuration to either remove all forwarding or all possibility of recursion. Depending on your use-case, it may be possible to use other zone types to replace forward zones.\nActive exploits: We are not aware of any active exploits.",
            },
         ],
         x_generator: {
            engine: "Vulnogram 0.0.9",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "404fd4d2-a609-4245-b543-2c944a302a22",
      assignerShortName: "isc",
      cveId: "CVE-2021-25220",
      datePublished: "2022-03-23T12:50:10.367480Z",
      dateReserved: "2021-01-15T00:00:00",
      dateUpdated: "2024-09-16T17:08:54.143Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-25219

Vulnerability from cvelistv5

Published

2021-10-27 21:10

Modified

2024-09-16 17:33

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a flaw in response processing can cause degradation in BIND resolver performance. The way the lame cache is currently designed makes it possible for its internal data structures to grow almost infinitely, which may cause significant delays in client query processing.

References

▼	URL	Tags
	https://kb.isc.org/v1/docs/cve-2021-25219
	https://www.debian.org/security/2021/dsa-4994	vendor-advisory
	https://lists.debian.org/debian-lts-announce/2021/11/msg00001.html	mailing-list
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTKC4E3HUOLYN5IA4EBL4VAQSWG2ZVTX/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YGV7SA27CTYLGFJSPUM3V36ZWK7WWDI4/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EF4NAVRV4H3W4GA3LGGZYUKD3HSJBAVW/	vendor-advisory
	https://www.oracle.com/security-alerts/cpuapr2022.html
	https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
	https://security.netapp.com/advisory/ntap-20211118-0002/
	https://security.gentoo.org/glsa/202210-25	vendor-advisory

Impacted products

	Vendor	Product	Version
	ISC	BIND9	Version: Open Source Branches 9.3 through 9.11 9.3.0 through versions before 9.11.36 Version: Open Source Branches 9.12 through 9.16 9.12.0 through versions before 9.16.22 Version: Supported Preview Branches 9.9-S through 9.11-S 9.9.3-S1 through versions before 9.11.36-S1 Version: Supported Preview Branch 9.16-S 9.16.8-S1 through versions before 9.16.22-S1 Version: Development Branch 9.17 9.17.0 through versions before 9.17.19

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T19:56:11.060Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://kb.isc.org/v1/docs/cve-2021-25219",
               },
               {
                  name: "DSA-4994",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2021/dsa-4994",
               },
               {
                  name: "[debian-lts-announce] 20211102 [SECURITY] [DLA 2807-1] bind9 security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2021/11/msg00001.html",
               },
               {
                  name: "FEDORA-2021-58e7b873b7",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTKC4E3HUOLYN5IA4EBL4VAQSWG2ZVTX/",
               },
               {
                  name: "FEDORA-2021-39b33260b8",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YGV7SA27CTYLGFJSPUM3V36ZWK7WWDI4/",
               },
               {
                  name: "FEDORA-2021-eb8dab50ba",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EF4NAVRV4H3W4GA3LGGZYUKD3HSJBAVW/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuapr2022.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20211118-0002/",
               },
               {
                  name: "GLSA-202210-25",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202210-25",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "BIND9",
               vendor: "ISC",
               versions: [
                  {
                     status: "affected",
                     version: "Open Source Branches 9.3 through 9.11 9.3.0 through versions before 9.11.36",
                  },
                  {
                     status: "affected",
                     version: "Open Source Branches 9.12 through 9.16 9.12.0 through versions before 9.16.22",
                  },
                  {
                     status: "affected",
                     version: "Supported Preview Branches 9.9-S through 9.11-S 9.9.3-S1 through versions before 9.11.36-S1",
                  },
                  {
                     status: "affected",
                     version: "Supported Preview Branch 9.16-S 9.16.8-S1 through versions before 9.16.22-S1",
                  },
                  {
                     status: "affected",
                     version: "Development Branch 9.17 9.17.0 through versions before 9.17.19",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               value: "ISC would like to thank Kishore Kumar Kothapalli of Infoblox for bringing this vulnerability to our attention.",
            },
         ],
         datePublic: "2021-10-27T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a flaw in response processing can cause degradation in BIND resolver performance. The way the lame cache is currently designed makes it possible for its internal data structures to grow almost infinitely, which may cause significant delays in client query processing.",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "We are not aware of any active exploits.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "LOW",
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Authoritative-only BIND 9 servers are NOT vulnerable to this flaw. The purpose of a resolver's lame cache is to ensure that if an authoritative server responds to a resolver's query in a specific broken way, subsequent client queries for the same <QNAME, QTYPE> tuple do not trigger further queries to the same server for a configurable amount of time. The lame cache is enabled by setting the \"lame-ttl\" option in named.conf to a value greater than 0. That option is set to \"lame-ttl 600;\" in the default configuration, which means the lame cache is enabled by default. A successful attack exploiting this flaw causes a named resolver to spend most of its CPU time on managing and checking the lame cache. This results in client queries being responded to with large delays, and increased likelihood of DNS timeouts on client hosts. Affects BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch.",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-10-31T00:00:00",
            orgId: "404fd4d2-a609-4245-b543-2c944a302a22",
            shortName: "isc",
         },
         references: [
            {
               url: "https://kb.isc.org/v1/docs/cve-2021-25219",
            },
            {
               name: "DSA-4994",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.debian.org/security/2021/dsa-4994",
            },
            {
               name: "[debian-lts-announce] 20211102 [SECURITY] [DLA 2807-1] bind9 security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2021/11/msg00001.html",
            },
            {
               name: "FEDORA-2021-58e7b873b7",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTKC4E3HUOLYN5IA4EBL4VAQSWG2ZVTX/",
            },
            {
               name: "FEDORA-2021-39b33260b8",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YGV7SA27CTYLGFJSPUM3V36ZWK7WWDI4/",
            },
            {
               name: "FEDORA-2021-eb8dab50ba",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EF4NAVRV4H3W4GA3LGGZYUKD3HSJBAVW/",
            },
            {
               url: "https://www.oracle.com/security-alerts/cpuapr2022.html",
            },
            {
               url: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20211118-0002/",
            },
            {
               name: "GLSA-202210-25",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202210-25",
            },
         ],
         solutions: [
            {
               lang: "en",
               value: "Upgrade to the patched release most closely related to your current version of BIND: BIND 9.11.36, BIND 9.16.22, BIND 9.17.19, or for BIND Supported Preview Edition (a special feature preview branch of BIND provided to eligible ISC support customers): BIND 9.11.36-S1, BIND 9.16.22-S1.",
            },
         ],
         source: {
            discovery: "EXTERNAL",
         },
         title: "Lame cache can be abused to severely degrade resolver performance",
         workarounds: [
            {
               lang: "en",
               value: "Setting \"lame-ttl 0;\" disables the lame cache and prevents the performance issue. Our research and testing indicate that in the current Internet there is almost no downside to disabling the lame cache.",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "404fd4d2-a609-4245-b543-2c944a302a22",
      assignerShortName: "isc",
      cveId: "CVE-2021-25219",
      datePublished: "2021-10-27T21:10:10.088929Z",
      dateReserved: "2021-01-15T00:00:00",
      dateUpdated: "2024-09-16T17:33:38.865Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

Vulnerability from csaf_suse

cve-2022-0396

Vulnerability from cvelistv5

cve-2021-25220

Vulnerability from cvelistv5

cve-2021-25219

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature