CVE-2024-4076
Assertion failure when serving both stale cache data and authoritative zone content
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Client queries that trigger serving stale data and that also require lookups in local authoritative zone data may result in an assertion failure.
This issue affects BIND 9 versions 9.16.13 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.33-S1 through 9.11.37-S1, 9.16.13-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1.
Las consultas de los clientes que desencadenan la entrega de datos obsoletos y que también requieren búsquedas en datos de la zona autorizada local pueden provocar un error de aserción. Este problema afecta a las versiones de BIND 9, 9.16.13 a 9.16.50, 9.18.0 a 9.18.27, 9.19.0 a 9.19.24, 9.11.33-S1 a 9.11.37-S1, 9.16.13-S1 a 9.16. 50-S1 y 9.18.11-S1 a 9.18.27-S1.
A flaw was found in the bind9 package, where a client query triggers stale data and also requires local lookups may trigger a assertion failure. This issue results in a denial of service of the bind server.
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2024-04-23 CVE Reserved
- 2024-07-23 CVE Published
- 2024-08-01 CVE Updated
- 2024-08-01 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-617: Reachable Assertion
CAPEC
References (5)
URL | Tag | Source |
---|---|---|
http://www.openwall.com/lists/oss-security/2024/07/23/1 | ||
http://www.openwall.com/lists/oss-security/2024/07/31/2 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://kb.isc.org/docs/cve-2024-4076 | 2024-07-24 | |
https://access.redhat.com/security/cve/CVE-2024-4076 | 2024-09-11 | |
https://bugzilla.redhat.com/show_bug.cgi?id=2298904 | 2024-09-11 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
ISC Search vendor "ISC" | BIND 9 Search vendor "ISC" for product "BIND 9" | >= 9.16.13 <= 9.16.50 Search vendor "ISC" for product "BIND 9" and version " >= 9.16.13 <= 9.16.50" | en |
Affected
| ||||||
ISC Search vendor "ISC" | BIND 9 Search vendor "ISC" for product "BIND 9" | >= 9.18.0 <= 9.18.27 Search vendor "ISC" for product "BIND 9" and version " >= 9.18.0 <= 9.18.27" | en |
Affected
| ||||||
ISC Search vendor "ISC" | BIND 9 Search vendor "ISC" for product "BIND 9" | >= 9.19.0 <= 9.19.24 Search vendor "ISC" for product "BIND 9" and version " >= 9.19.0 <= 9.19.24" | en |
Affected
|