CVE-2021-25218: A too-strict assertion check could be triggered when responses in BIND 9.16.19 and 9.17.16 require UDP fragmentation if RRL is in use

ISC BIND Security Advisory

CVE: CVE-2021-25218
Document version: 2.0
Posting date: 18 August 2021
Program impacted: BIND
Versions affected: BIND 9.16.19, 9.17.16. Also, version 9.16.19-S1 of BIND Supported Preview Edition
Severity: High
Exploitable: Remotely
If named attempts to respond over UDP with a response that is larger than the current effective interface maximum transmission unit (MTU), and if response-rate limiting (RRL) is active, an assertion failure is triggered (resulting in termination of the n …