IscVULNRICHMENT:CVE-2024-4076CVE-2024-4076 Assertion failure when serving both stale cache data and authoritative zone content
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
Low
EPSS
Percentile
16.2%
SSVC
Exploitation
none
Automatable
yes
Technical Impact
partial
Client queries that trigger serving stale data and that also require lookups in local authoritative zone data may result in an assertion failure.
This issue affects BIND 9 versions 9.16.13 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.33-S1 through 9.11.37-S1, 9.16.13-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1.
ADP Affected
[
{
"cpes": [
"cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*"
],
"vendor": "isc",
"product": "bind",
"versions": [
{
"status": "affected",
"version": "9.16.13",
"versionType": "custom",
"lessThanOrEqual": "9.16.50"
},
{
"status": "affected",
"version": "9.18.0",
"versionType": "custom",
"lessThanOrEqual": "9.18.27"
},
{
"status": "affected",
"version": "9.19.0",
"versionType": "custom",
"lessThanOrEqual": "9.19.24"
},
{
"status": "affected",
"version": "9.11.33-s1",
"versionType": "custom",
"lessThanOrEqual": "9.11.37-s1"
},
{
"status": "affected",
"version": "9.16.13-s1",
"versionType": "custom",
"lessThanOrEqual": "9.16.50-s1"
},
{
"status": "affected",
"version": "9.18.11-s1",
"versionType": "custom",
"lessThanOrEqual": "9.18.27-s1"
}
],
"defaultStatus": "unknown"
}
]Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
Low
EPSS
Percentile
16.2%
SSVC
Exploitation
none
Automatable
yes
Technical Impact
partial