---

CVE-2021-25218 - log back

CVE-2021-25218 created at 23 Aug 2021 10:48:39
Severity	+ Medium
Remote	+ Remote
Type	+ Denial of service
Description	+ In BIND before version 9.16.20, if "named" attempts to respond over UDP with a response that is larger than the current effective interface maximum transmission unit (MTU), and if response-rate limiting (RRL) is active, an assertion failure is triggered (resulting in termination of the "named" server process).
References	+ https://kb.isc.org/docs/cve-2021-25218 + https://downloads.isc.org/isc/bind9/9.16.20/patches/CVE-2021-25218.patch + https://github.com/isc-projects/bind9/commit/f9571bbc5fd7ca7067e80058758fc7b5be8b951a
Notes