vulnerability

Amazon Linux 2023: CVE-2024-4076: Important priority package update for bind

Try Surface Command
Back to search
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published
Jul 23, 2024
Added
Feb 17, 2025
Modified
Jul 9, 2025

Description

Client queries that trigger serving stale data and that also require lookups in local authoritative zone data may result in an assertion failure.
This issue affects BIND 9 versions 9.16.13 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.33-S1 through 9.11.37-S1, 9.16.13-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1.
A flaw was found in the bind9 package, where a client query triggers stale data and also requires local lookups may trigger a assertion failure. This issue results in a denial of service of the bind server.

Solutions

amazon-linux-2023-upgrade-bindamazon-linux-2023-upgrade-bind-chrootamazon-linux-2023-upgrade-bind-debuginfoamazon-linux-2023-upgrade-bind-debugsourceamazon-linux-2023-upgrade-bind-develamazon-linux-2023-upgrade-bind-dlz-filesystemamazon-linux-2023-upgrade-bind-dlz-filesystem-debuginfoamazon-linux-2023-upgrade-bind-dlz-ldapamazon-linux-2023-upgrade-bind-dlz-ldap-debuginfoamazon-linux-2023-upgrade-bind-dlz-mysqlamazon-linux-2023-upgrade-bind-dlz-mysql-debuginfoamazon-linux-2023-upgrade-bind-dlz-sqlite3amazon-linux-2023-upgrade-bind-dlz-sqlite3-debuginfoamazon-linux-2023-upgrade-bind-dnssec-utilsamazon-linux-2023-upgrade-bind-dnssec-utils-debuginfoamazon-linux-2023-upgrade-bind-docamazon-linux-2023-upgrade-bind-libsamazon-linux-2023-upgrade-bind-libs-debuginfoamazon-linux-2023-upgrade-bind-licenseamazon-linux-2023-upgrade-bind-utilsamazon-linux-2023-upgrade-bind-utils-debuginfo

References

Title
Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report