AZL-9118

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-9118.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-9118

Upstream

CVE-2021-25220

Published

2022-03-23T13:15:07Z

Modified

2026-04-01T05:23:38.596727Z

Severity

6.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N CVSS Calculator

Summary

CVE-2021-25220 affecting package bind for versions less than 9.16.29-1

Details

BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL. The cache could become poisoned with incorrect records leading to queries being made to the wrong servers, which might also result in false information being returned to clients.

References

https://nvd.nist.gov/vuln/detail/CVE-2021-25220

Affected packages

Azure Linux:2 / bind

Package

Name: bind
Purl: pkg:rpm/azure-linux/bind

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.16.29-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-9118.json"