CVE-2024-4076

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-4076
Client queries that trigger serving stale data and that also require lookups in local authoritative zone data may result in an assertion failure. This issue affects BIND 9 versions 9.16.13 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.33-S1 through 9.11.37-S1, 9.16.13-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
http://www.openwall.com/lists/oss-security/2024/07/23/1
http://www.openwall.com/lists/oss-security/2024/07/31/2
https://kb.isc.org/docs/cve-2024-4076
Configurations

No configuration.

History

01 Aug 2024, 13:59

Type Values Removed Values Added
CWE CWE-617

31 Jul 2024, 11:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/07/31/2 -

24 Jul 2024, 12:55

Type Values Removed Values Added
Summary
  • (es) Las consultas de los clientes que desencadenan la entrega de datos obsoletos y que también requieren búsquedas en datos de la zona autorizada local pueden provocar un error de aserción. Este problema afecta a las versiones de BIND 9, 9.16.13 a 9.16.50, 9.18.0 a 9.18.27, 9.19.0 a 9.19.24, 9.11.33-S1 a 9.11.37-S1, 9.16.13-S1 a 9.16. 50-S1 y 9.18.11-S1 a 9.18.27-S1.

23 Jul 2024, 16:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/07/23/1 -

23 Jul 2024, 15:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-07-23 15:15

Updated : 2024-08-01 13:59

NVD link : CVE-2024-4076

Mitre link : CVE-2024-4076

CVE.ORG link : CVE-2024-4076

JSON object : View

Products Affected

No product.

CWE
CWE-617

Reachable Assertion