CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2024-4076: Assertion failure when serving both stale cache data and authoritative zone content

7.5 CVSS

Description

Client queries that trigger serving stale data and that also require lookups in local authoritative zone data may result in an assertion failure.
This issue affects BIND 9 versions 9.16.13 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.33-S1 through 9.11.37-S1, 9.16.13-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1.

Classification

CVE ID: CVE-2024-4076

CVSS Base Severity: HIGH

CVSS Base Score: 7.5

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

Vendor: ISC

Product: BIND 9

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 18.39% (scored less or equal to compared to others)

EPSS Date: 2025-03-14 (when was this score calculated)

References

https://kb.isc.org/docs/cve-2024-4076
http://www.openwall.com/lists/oss-security/2024/07/23/1
http://www.openwall.com/lists/oss-security/2024/07/31/2

Timeline

2025-02-14 00:32:24 UTC
CVE

Assertion failure when serving both stale cache data and authoritative zone content