cbcvebase.
CVE-2024-4076
published 2024-07-23

CVE-2024-4076: Client queries that trigger serving stale data and that also require lookups in local authoritative zone data may result in an assertion failure. This issue…

high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
Client queries that trigger serving stale data and that also require lookups in local authoritative zone data may result in an assertion failure. This issue affects BIND 9 versions 9.16.13 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.33-S1 through 9.11.37-S1, 9.16.13-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1.

Affected

24 ranges
VendorProductVersion rangeFixed in
debianbind9< bind9 1:9.18.28-1~deb12u1 (bookworm)bind9 1:9.18.28-1~deb12u1 (bookworm)
iscbind>= 0 < 9.18.31-r09.18.31-r0
iscbind>= 0 < 9.18.31-r09.18.31-r0
iscbind>= 0 < 9.18.31-r09.18.31-r0
iscbind>= 0 < 9.18.31-r09.18.31-r0
iscbind>= 0 < 9.18.28-r09.18.28-r0
iscbind>= 0 < 9.18.28-r09.18.28-r0
iscbind>= 0 < 9.18.28-r09.18.28-r0
iscbind9>= 0 < 1:9.16.50-1~deb11u11:9.16.50-1~deb11u1
iscbind9>= 0 < 1:9.18.28-1~deb12u11:9.18.28-1~deb12u1
iscbind9>= 0 < 1:9.20.0-11:9.20.0-1
iscbind9>= 0 < 1:9.20.0-11:9.20.0-1
iscbind9>= 0 < 1:9.18.28-0ubuntu0.20.04.11:9.18.28-0ubuntu0.20.04.1
iscbind9>= 0 < 1:9.18.28-0ubuntu0.22.04.11:9.18.28-0ubuntu0.22.04.1
iscbind9>= 0 < 1:9.18.28-0ubuntu0.24.04.11:9.18.28-0ubuntu0.24.04.1
iscbind_99.11.33-S1 – 9.11.37-S1
iscbind_99.16.13 – 9.16.50
iscbind_99.16.13-S1 – 9.16.50-S1
iscbind_99.18.0 – 9.18.27
iscbind_99.18.11-S1 – 9.18.27-S1
iscbind_99.19.0 – 9.19.24
msrcazl3_bind_9.19.21-1_on_azure_linux_3.0
msrcazl3_bind_9.20.0-1_on_azure_linux_3.0
msrccbl2_bind_9.16.50-1_on_cbl_mariner_2.0

CVSS provenance

nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv7.5HIGH