CVE-2021-25220

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-25220
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-25220.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-25220
Downstream
Related
Published
2022-03-23T13:15:07Z
Modified
2025-10-14T18:04:36.525593Z
Severity
  • 6.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N CVSS Calculator
Summary
[none]
Details

BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL. The cache could become poisoned with incorrect records leading to queries being made to the wrong servers, which might also result in false information being returned to clients.

References

Affected packages

Git / github.com/isc-projects/bind9

Affected ranges

Type
GIT
Repo
https://github.com/isc-projects/bind9
Events
Type
GIT
Repo
https://gitlab.isc.org/isc-projects/bind9
Events

Affected versions

v9.*

v9.11.0
v9.11.1
v9.11.11
v9.11.12
v9.11.13
v9.11.14
v9.11.16
v9.11.1b1
v9.11.1rc1
v9.11.1rc2
v9.11.1rc3
v9.11.22
v9.11.29
v9.11.2b1
v9.11.2rc1
v9.11.3
v9.11.35
v9.11.3b1
v9.11.3rc1
v9.11.4
v9.11.4rc2
v9.11.6
v9.11.6rc1
v9.11.7
v9.11.9