Reachable Assertion in ISC BIND - CVE-2021-25215
Published: April 29, 2021
Vulnerability identifier: #VU52736
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2021-25215
CWE-ID: CWE-617
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: ISC
Affected software:
ISC BIND
ISC BIND
Detailed vulnerability description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion when processing DNAME records. A remote attacker can force named to add the same RRset to the ANSWER section more than once, trigger an assertion failure and crash the service. Both authoritative and recursive servers are affected by this issue during zone transfers.
How to mitigate CVE-2021-25215
Install updates from vendor's website.