BIND fixes lame cache vulnerability (CVE-2021-25219)

BIND fixes lame cache vulnerability (CVE-2021-25218)

The Internet Systems Consortium (ISC) has released a security update that fixes a Medium severity vulnerability in multiple versions of ISC Berkeley Internet Name Domain (BIND).

BIND is the most widely used Domain Name System software on the Internet.

The latest BIND patch addresses a vulnerability (CVE-2021-25219) that could allow lame cache to be abused and severely degrade resolver performance.

The lame cache design flaw may cause internal data structures to grow almost infinitely, thus causing “significant delays in client query processing.”

As noted in the advisory, ISC described the BIND issue and impact:

“A successful attack exploiting this flaw causes a named resolver to spend most of its CPU time on managing and checking the lame cache. This results in client queries being responded to with large delays, and increased likelihood of DNS timeouts on client hosts.


Moreover, ISC recommends users upgrade to the appropriate BIND version:

  • BIND 9.11.36
  • BIND 9.16.22
  • BIND 9.17.19.
  • BIND 9.11.36-S1 (Supported Preview Edition)
  • BIND 9.16.22-S1 (Supported Preview Edition).

Readers are encouraged to also check out related articles below for related DNS vulnerabilities and cyberattacks.

Related Articles