{
  "threat_severity" : "Important",
  "public_date" : "2021-04-28T00:00:00Z",
  "bugzilla" : {
    "description" : "bind: An assertion check can fail while answering queries for DNAME records that require the DNAME to be processed to resolve itself",
    "id" : "1953857",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1953857"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-617",
  "details" : [ "In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the flaw described above, the named process will terminate due to a failed assertion check. The vulnerability affects all currently maintained BIND 9 branches (9.11, 9.11-S, 9.16, 9.16-S, 9.17) as well as all other versions of BIND 9.", "A flaw was found in bind. The way DNAME records are processed may result in the same RRset being added to the ANSWER section more than once, which causes an assertion check to fail. The highest threat from this flaw is to system availability." ],
  "acknowledgement" : "Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Siva Kakarla as the original reporter.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 6 Extended Lifecycle Support",
    "release_date" : "2021-04-29T00:00:00Z",
    "advisory" : "RHSA-2021:1468",
    "cpe" : "cpe:/o:redhat:rhel_els:6",
    "package" : "bind-32:9.8.2-0.68.rc1.el6_10.11"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2021-04-29T00:00:00Z",
    "advisory" : "RHSA-2021:1469",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "bind-32:9.11.4-26.P2.el7_9.5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.2 Advanced Update Support",
    "release_date" : "2021-05-03T00:00:00Z",
    "advisory" : "RHSA-2021:1476",
    "cpe" : "cpe:/o:redhat:rhel_aus:7.2",
    "package" : "bind-32:9.9.4-29.el7_2.11"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.3 Advanced Update Support",
    "release_date" : "2021-05-03T00:00:00Z",
    "advisory" : "RHSA-2021:1475",
    "cpe" : "cpe:/o:redhat:rhel_aus:7.3",
    "package" : "bind-32:9.9.4-50.el7_3.6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.4 Advanced Update Support",
    "release_date" : "2021-05-03T00:00:00Z",
    "advisory" : "RHSA-2021:1479",
    "cpe" : "cpe:/o:redhat:rhel_aus:7.4",
    "package" : "bind-32:9.9.4-51.el7_4.6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.4 Telco Extended Update Support",
    "release_date" : "2021-05-03T00:00:00Z",
    "advisory" : "RHSA-2021:1479",
    "cpe" : "cpe:/o:redhat:rhel_tus:7.4",
    "package" : "bind-32:9.9.4-51.el7_4.6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions",
    "release_date" : "2021-05-03T00:00:00Z",
    "advisory" : "RHSA-2021:1479",
    "cpe" : "cpe:/o:redhat:rhel_e4s:7.4",
    "package" : "bind-32:9.9.4-51.el7_4.6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.6 Extended Update Support",
    "release_date" : "2021-05-03T00:00:00Z",
    "advisory" : "RHSA-2021:1478",
    "cpe" : "cpe:/o:redhat:rhel_eus:7.6",
    "package" : "bind-32:9.9.4-74.el7_6.7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.7 Extended Update Support",
    "release_date" : "2021-05-03T00:00:00Z",
    "advisory" : "RHSA-2021:1477",
    "cpe" : "cpe:/o:redhat:rhel_eus:7.7",
    "package" : "bind-32:9.11.4-9.P2.el7_7.5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2021-05-18T00:00:00Z",
    "advisory" : "RHSA-2021:1989",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "bind-32:9.11.26-4.el8_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2021-05-18T00:00:00Z",
    "advisory" : "RHSA-2021:1989",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "bind-32:9.11.26-4.el8_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.1 Extended Update Support",
    "release_date" : "2021-05-19T00:00:00Z",
    "advisory" : "RHSA-2021:2028",
    "cpe" : "cpe:/a:redhat:rhel_eus:8.1",
    "package" : "bind-32:9.11.4-26.P2.el8_1.5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.2 Extended Update Support",
    "release_date" : "2021-05-19T00:00:00Z",
    "advisory" : "RHSA-2021:2024",
    "cpe" : "cpe:/a:redhat:rhel_eus:8.2",
    "package" : "bind-32:9.11.13-6.el8_2.3"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Out of support scope",
    "package_name" : "bind",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Out of support scope",
    "package_name" : "bind97",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "bind",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2021-25215\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-25215\nhttps://kb.isc.org/docs/cve-2021-25215" ],
  "name" : "CVE-2021-25215",
  "mitigation" : {
    "value" : "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical one. Please update as soon as possible.",
    "lang" : "en:us"
  },
  "csaw" : false
}