{"id":"CVE-2021-25220","details":"BIND 9.11.0 -\u003e 9.11.36 9.12.0 -\u003e 9.16.26 9.17.0 -\u003e 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -\u003e 9.11.36-S1 9.16.8-S1 -\u003e 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL. The cache could become poisoned with incorrect records leading to queries being made to the wrong servers, which might also result in false information being returned to clients.","modified":"2026-04-16T04:35:48.033067541Z","published":"2022-03-23T13:15:07.680Z","related":["ALSA-2022:7643","ALSA-2022:7790","ALSA-2022:8068","ALSA-2022:8385","CGA-896f-gr76-3pfg","SUSE-SU-2022:0908-1","SUSE-SU-2022:0945-1","SUSE-SU-2022:0946-1","SUSE-SU-2022:1616-1","SUSE-SU-2022:2713-1","openSUSE-SU-2022:0945-1","openSUSE-SU-2022:0946-1","openSUSE-SU-2024:12081-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SXT7247QTKNBQ67MNRGZD23ADXU6E5U/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/API7U5E7SX7BAAVFNW366FFJGD6NZZKV/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DE3UAVCPUMAKG27ZL5YXSP2C3RIOW3JZ/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYD7US4HZRFUGAJ66ZTHFBYVP5N3OQBY/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5VX3I2U3ICOIEI5Y7OYA6CHOLFMNH3YQ/"},{"type":"WEB","url":"https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-SRX-Series-Cache-poisoning-vulnerability-in-BIND-used-by-DNS-Proxy-CVE-2021-25220?language=en_US"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20220408-0001/"},{"type":"ADVISORY","url":"https://kb.isc.org/v1/docs/cve-2021-25220"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202210-25"},{"type":"FIX","url":"https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.isc.org/isc-projects/bind9","events":[{"introduced":"1477c19dd9a347ee19a42dac227f299a4680506f"},{"fixed":"796133c72d41e724995121c1f048db1b4529c732"},{"introduced":"2fe4344de48d6061bef5a4000066a99a7c1296a6"},{"fixed":"796133c72d41e724995121c1f048db1b4529c732"},{"introduced":"71a40862c0be867999867cd99e21c2266a5e452b"},{"fixed":"96094c577f5aa8bf8d6dd7533d7be39effb3a243"},{"introduced":"539f9f0860fcf0429ec891249473825ad6fead9c"},{"fixed":"96094c577f5aa8bf8d6dd7533d7be39effb3a243"},{"introduced":"04ca7cc4b6993f47ea61852c759d047c83be7b3f"},{"last_affected":"8db45afa1affcb823e68afdeddedf93e136f5d3e"}],"database_specific":{"versions":[{"introduced":"9.11.0"},{"fixed":"9.11.37"},{"introduced":"9.11.4"},{"fixed":"9.11.37"},{"introduced":"9.12.0"},{"fixed":"9.16.27"},{"introduced":"9.16.8"},{"fixed":"9.16.27"},{"introduced":"9.17.0"},{"last_affected":"9.18.0"}]}}],"versions":["v9.11.11","v9.11.14","v9.11.16","v9.11.4","v9.11.6","v9.11.6rc1","v9.11.7","v9.11.9"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"34"}]},{"events":[{"introduced":"0"},{"last_affected":"35"}]},{"events":[{"introduced":"0"},{"last_affected":"36"}]},{"events":[{"introduced":"0"},{"fixed":"1.0"}]},{"events":[{"introduced":"0"},{"last_affected":"1.0-NA"}]},{"events":[{"introduced":"0"},{"last_affected":"1.0-sp1"}]},{"events":[{"introduced":"0"},{"fixed":"19.3"}]},{"events":[{"introduced":"0"},{"last_affected":"19.3-NA"}]},{"events":[{"introduced":"0"},{"last_affected":"19.3-r1\\-s1"}]},{"events":[{"introduced":"0"},{"last_affected":"19.3-r2"}]},{"events":[{"introduced":"0"},{"last_affected":"19.3-r2\\-s1"}]},{"events":[{"introduced":"0"},{"last_affected":"19.3-r2\\-s2"}]},{"events":[{"introduced":"0"},{"last_affected":"19.3-r2\\-s3"}]},{"events":[{"introduced":"0"},{"last_affected":"19.3-r2\\-s4"}]},{"events":[{"introduced":"0"},{"last_affected":"19.3-r2\\-s5"}]},{"events":[{"introduced":"0"},{"last_affected":"19.3-r2\\-s6"}]},{"events":[{"introduced":"0"},{"last_affected":"19.3-r2\\-s7"}]},{"events":[{"introduced":"0"},{"last_affected":"19.3-r3"}]},{"events":[{"introduced":"0"},{"last_affected":"19.3-r3\\-s1"}]},{"events":[{"introduced":"0"},{"last_affected":"19.3-r3\\-s2"}]},{"events":[{"introduced":"0"},{"last_affected":"19.3-r3\\-s3"}]},{"events":[{"introduced":"0"},{"last_affected":"19.3-r3\\-s4"}]},{"events":[{"introduced":"0"},{"last_affected":"19.3-r3\\-s5"}]},{"events":[{"introduced":"0"},{"last_affected":"19.3-r3\\-s6"}]},{"events":[{"introduced":"0"},{"last_affected":"19.4-NA"}]},{"events":[{"introduced":"0"},{"last_affected":"19.4-r1"}]},{"events":[{"introduced":"0"},{"last_affected":"19.4-r1\\-s1"}]},{"events":[{"introduced":"0"},{"last_affected":"19.4-r1\\-s2"}]},{"events":[{"introduced":"0"},{"last_affected":"19.4-r1\\-s3"}]},{"events":[{"introduced":"0"},{"last_affected":"19.4-r1\\-s4"}]},{"events":[{"introduced":"0"},{"last_affected":"19.4-r2"}]},{"events":[{"introduced":"0"},{"last_affected":"19.4-r2\\-s1"}]},{"events":[{"introduced":"0"},{"last_affected":"19.4-r2\\-s2"}]},{"events":[{"introduced":"0"},{"last_affected":"19.4-r2\\-s3"}]},{"events":[{"introduced":"0"},{"last_affected":"19.4-r2\\-s4"}]},{"events":[{"introduced":"0"},{"last_affected":"19.4-r2\\-s5"}]},{"events":[{"introduced":"0"},{"last_affected":"19.4-r2\\-s6"}]},{"events":[{"introduced":"0"},{"last_affected":"19.4-r2\\-s7"}]},{"events":[{"introduced":"0"},{"last_affected":"19.4-r3"}]},{"events":[{"introduced":"0"},{"last_affected":"19.4-r3\\-s1"}]},{"events":[{"introduced":"0"},{"last_affected":"19.4-r3\\-s2"}]},{"events":[{"introduced":"0"},{"last_affected":"19.4-r3\\-s3"}]},{"events":[{"introduced":"0"},{"last_affected":"19.4-r3\\-s4"}]},{"events":[{"introduced":"0"},{"last_affected":"19.4-r3\\-s5"}]},{"events":[{"introduced":"0"},{"last_affected":"19.4-r3\\-s6"}]},{"events":[{"introduced":"0"},{"last_affected":"19.4-r3\\-s7"}]},{"events":[{"introduced":"0"},{"last_affected":"19.4-r3\\-s8"}]},{"events":[{"introduced":"0"},{"last_affected":"20.2-NA"}]},{"events":[{"introduced":"0"},{"last_affected":"20.2-r1"}]},{"events":[{"introduced":"0"},{"last_affected":"20.2-r1\\-s1"}]},{"events":[{"introduced":"0"},{"last_affected":"20.2-r1\\-s2"}]},{"events":[{"introduced":"0"},{"last_affected":"20.2-r1\\-s3"}]},{"events":[{"introduced":"0"},{"last_affected":"20.2-r2"}]},{"events":[{"introduced":"0"},{"last_affected":"20.2-r2\\-s1"}]},{"events":[{"introduced":"0"},{"last_affected":"20.2-r2\\-s2"}]},{"events":[{"introduced":"0"},{"last_affected":"20.2-r2\\-s3"}]},{"events":[{"introduced":"0"},{"last_affected":"20.2-r3"}]},{"events":[{"introduced":"0"},{"last_affected":"20.2-r3\\-s1"}]},{"events":[{"introduced":"0"},{"last_affected":"20.2-r3\\-s2"}]},{"events":[{"introduced":"0"},{"last_affected":"20.2-r3\\-s3"}]},{"events":[{"introduced":"0"},{"last_affected":"20.2-r3\\-s4"}]},{"events":[{"introduced":"0"},{"last_affected":"20.3-NA"}]},{"events":[{"introduced":"0"},{"last_affected":"20.3-r1"}]},{"events":[{"introduced":"0"},{"last_affected":"20.3-r1\\-s1"}]},{"events":[{"introduced":"0"},{"last_affected":"20.3-r1\\-s2"}]},{"events":[{"introduced":"0"},{"last_affected":"20.3-r2"}]},{"events":[{"introduced":"0"},{"last_affected":"20.3-r2\\-s1"}]},{"events":[{"introduced":"0"},{"last_affected":"20.3-r3"}]},{"events":[{"introduced":"0"},{"last_affected":"20.3-r3\\-s1"}]},{"events":[{"introduced":"0"},{"last_affected":"20.3-r3\\-s2"}]},{"events":[{"introduced":"0"},{"last_affected":"20.3-r3\\-s3"}]},{"events":[{"introduced":"0"},{"last_affected":"20.3-r3\\-s4"}]},{"events":[{"introduced":"0"},{"last_affected":"20.4-NA"}]},{"events":[{"introduced":"0"},{"last_affected":"20.4-r1"}]},{"events":[{"introduced":"0"},{"last_affected":"20.4-r1\\-s1"}]},{"events":[{"introduced":"0"},{"last_affected":"20.4-r2"}]},{"events":[{"introduced":"0"},{"last_affected":"20.4-r2\\-s1"}]},{"events":[{"introduced":"0"},{"last_affected":"20.4-r2\\-s2"}]},{"events":[{"introduced":"0"},{"last_affected":"20.4-r3"}]},{"events":[{"introduced":"0"},{"last_affected":"20.4-r3\\-s1"}]},{"events":[{"introduced":"0"},{"last_affected":"20.4-r3\\-s2"}]},{"events":[{"introduced":"0"},{"last_affected":"20.4-r3\\-s3"}]},{"events":[{"introduced":"0"},{"last_affected":"20.4-r3\\-s4"}]},{"events":[{"introduced":"0"},{"last_affected":"21.1-NA"}]},{"events":[{"introduced":"0"},{"last_affected":"21.1-r1"}]},{"events":[{"introduced":"0"},{"last_affected":"21.1-r1\\-s1"}]},{"events":[{"introduced":"0"},{"last_affected":"21.1-r2"}]},{"events":[{"introduced":"0"},{"last_affected":"21.1-r2\\-s1"}]},{"events":[{"introduced":"0"},{"last_affected":"21.1-r2\\-s2"}]},{"events":[{"introduced":"0"},{"last_affected":"21.1-r3"}]},{"events":[{"introduced":"0"},{"last_affected":"21.1-r3\\-s1"}]},{"events":[{"introduced":"0"},{"last_affected":"21.1-r3\\-s2"}]},{"events":[{"introduced":"0"},{"last_affected":"21.2-NA"}]},{"events":[{"introduced":"0"},{"last_affected":"21.2-r1"}]},{"events":[{"introduced":"0"},{"last_affected":"21.2-r1\\-s1"}]},{"events":[{"introduced":"0"},{"last_affected":"21.2-r1\\-s2"}]},{"events":[{"introduced":"0"},{"last_affected":"21.2-r2"}]},{"events":[{"introduced":"0"},{"last_affected":"21.2-r2\\-s1"}]},{"events":[{"introduced":"0"},{"last_affected":"21.2-r2\\-s2"}]},{"events":[{"introduced":"0"},{"last_affected":"21.2-r3"}]},{"events":[{"introduced":"0"},{"last_affected":"21.2-r3\\-s1"}]},{"events":[{"introduced":"0"},{"last_affected":"21.3-NA"}]},{"events":[{"introduced":"0"},{"last_affected":"21.3-r1"}]},{"events":[{"introduced":"0"},{"last_affected":"21.3-r1\\-s1"}]},{"events":[{"introduced":"0"},{"last_affected":"21.3-r1\\-s2"}]},{"events":[{"introduced":"0"},{"last_affected":"21.3-r2"}]},{"events":[{"introduced":"0"},{"last_affected":"21.3-r2\\-s1"}]},{"events":[{"introduced":"0"},{"last_affected":"21.3-r2\\-s2"}]},{"events":[{"introduced":"0"},{"last_affected":"21.3-r3"}]},{"events":[{"introduced":"0"},{"last_affected":"21.4-NA"}]},{"events":[{"introduced":"0"},{"last_affected":"21.4-r1"}]},{"events":[{"introduced":"0"},{"last_affected":"21.4-r1\\-s1"}]},{"events":[{"introduced":"0"},{"last_affected":"21.4-r1\\-s2"}]},{"events":[{"introduced":"0"},{"last_affected":"21.4-r2"}]},{"events":[{"introduced":"0"},{"last_affected":"22.1-r1"}]},{"events":[{"introduced":"0"},{"last_affected":"22.1-r1\\-s1"}]},{"events":[{"introduced":"0"},{"last_affected":"22.2-r1"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-25220.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N"}]}