CVE-2024-4076

CWE-617 — Reachable Assertion9 documents8 sources

Severity

7.5HIGH

EPSS

0.1%

top 79.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

ISC Bind 9

Timeline

PublishedJul 23

Description

Client queries that trigger serving stale data and that also require lookups in local authoritative zone data may result in an assertion failure. This issue affects BIND 9 versions 9.16.13 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.33-S1 through 9.11.37-S1, 9.16.13-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶Alpinebind< 9.18.31-r0+6

▶Debianbind9< 1:9.16.50-1~deb11u1+3

▶CVEListV5isc/bind_99.16.13 — 9.16.50+5

🔴Vulnerability Details

GHSA

GHSA-gfw8-mh94-9w58: Client queries that trigger serving stale data and that also require lookups in local authoritative zone data may result in an assertion failure↗2024-07-23

▶

OSV

CVE-2024-4076: Client queries that trigger serving stale data and that also require lookups in local authoritative zone data may result in an assertion failure↗2024-07-23

▶

OSV

CVE-2024-4076: Client queries that trigger serving stale data and that also require lookups in local authoritative zone data may result in an assertion failure↗2024-07-23

▶

CVEList

Assertion failure when serving both stale cache data and authoritative zone content↗2024-07-23

▶

📋Vendor Advisories

Red Hat

bind: bind9: Assertion failure when serving both stale cache data and authoritative zone content↗2024-07-23

▶

Ubuntu

Bind vulnerabilities↗2024-07-23

▶

Microsoft

Assertion failure when serving both stale cache data and authoritative zone content↗2024-07-09

▶

Debian

CVE-2024-4076: bind9 - Client queries that trigger serving stale data and that also require lookups in ...↗2024

▶