vulnerability

ISC BIND: Assertion failure when serving both stale cache data and authoritative zone content (CVE-2024-4076)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:N/C:N/I:N/A:C)	Jul 24, 2024	Jul 24, 2024	Mar 27, 2026

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:N/A:C)

Published

Jul 24, 2024

Added

Jul 24, 2024

Modified

Mar 27, 2026

Description

Client queries that trigger serving stale data and that also require lookups in local authoritative zone data may result in an assertion failure.
This issue affects BIND 9 versions 9.16.13 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.33-S1 through 9.11.37-S1, 9.16.13-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1.

Solution

upgrade-isc-bind-latest

References

CVE-2024-4076
https://attackerkb.com/topics/CVE-2024-4076
CWE-617
EUVD-EUVD-2024-32639
https://euvd.enisa.europa.eu/vulnerability/EUVD-2024-32639
https://kb.isc.org/docs/cve-2024-4076

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today