CVE-2024-4076 - Vulnerability Details

Client queries that trigger serving stale data and that also require lookups in local authoritative zone data may result in an assertion failure. This issue affects BIND 9 versions 9.16.13 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.33-S1 through 9.11.37-S1, 9.16.13-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Isc	Bind
Redhat	Enterprise Linux Openshift Rhel Aus Rhel E4s Rhel Eus Rhel Tus

No data.

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 8
bind9.16-32:9.16.23-0.22.el8_10	cpe:/a:redhat:enterprise_linux:8	RHSA-2024:5390	2024-08-14T00:00:00Z
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
bind9.16-32:9.16.23-0.7.el8_6.6	cpe:/a:redhat:rhel_aus:8.6	RHSA-2024:5418	2024-08-15T00:00:00Z
Red Hat Enterprise Linux 8.6 Telecommunications Update Service
bind9.16-32:9.16.23-0.7.el8_6.6	cpe:/a:redhat:rhel_tus:8.6	RHSA-2024:5418	2024-08-15T00:00:00Z
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
bind9.16-32:9.16.23-0.7.el8_6.6	cpe:/a:redhat:rhel_e4s:8.6	RHSA-2024:5418	2024-08-15T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support
bind9.16-32:9.16.23-0.14.el8_8.5	cpe:/a:redhat:rhel_eus:8.8	RHSA-2024:5525	2024-08-19T00:00:00Z
Red Hat Enterprise Linux 9
bind-32:9.16.23-18.el9_4.6	cpe:/a:redhat:enterprise_linux:9	RHSA-2024:5231	2024-08-15T00:00:00Z
bind-dyndb-ldap-0:11.9-10.el9_4	cpe:/a:redhat:enterprise_linux:9	RHSA-2024:5231	2024-08-15T00:00:00Z
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
bind-32:9.16.23-1.el9_0.7	cpe:/a:redhat:rhel_e4s:9.0	RHSA-2024:5907	2024-08-27T00:00:00Z
bind-dyndb-ldap-0:11.9-7.el9_0.3	cpe:/a:redhat:rhel_e4s:9.0	RHSA-2024:5907	2024-08-27T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support
bind-32:9.16.23-11.el9_2.5	cpe:/a:redhat:rhel_eus:9.2	RHSA-2024:5813	2024-08-26T00:00:00Z
bind-dyndb-ldap-0:11.9-8.el9_2.3	cpe:/a:redhat:rhel_eus:9.2	RHSA-2024:5813	2024-08-26T00:00:00Z
Red Hat OpenShift Container Platform 4.13
rhcos-413.92.202408270922-0	cpe:/a:redhat:openshift:4.13::el9	RHSA-2024:6009	2024-09-04T00:00:00Z
Red Hat OpenShift Container Platform 4.14
rhcos-414.92.202409041930-0	cpe:/a:redhat:openshift:4.14::el9	RHSA-2024:6406	2024-09-11T00:00:00Z
Red Hat OpenShift Container Platform 4.15
rhcos-415.92.202408271217-0	cpe:/a:redhat:openshift:4.15::el9	RHSA-2024:6013	2024-09-05T00:00:00Z
Red Hat OpenShift Container Platform 4.16
rhcos-416.94.202408260940-0	cpe:/a:redhat:openshift:4.16::el9	RHSA-2024:6004	2024-09-03T00:00:00Z

References

Link	Providers
http://www.openwall.com/lists/oss-security/2024/07/23/1
http://www.openwall.com/lists/oss-security/2024/07/31/2
https://kb.isc.org/docs/cve-2024-4076
https://nvd.nist.gov/vuln/detail/CVE-2024-4076
https://security.netapp.com/advisory/ntap-20240731-0001/
https://www.cve.org/CVERecord?id=CVE-2024-4076

History

Fri, 14 Feb 2025 08:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Isc Isc bind
CPEs		cpe:2.3:a:isc:bind::::::::
Vendors & Products		Isc Isc bind
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 12 Sep 2024 02:30:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:openshift:4.14::el9

Fri, 06 Sep 2024 13:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat openshift
CPEs		cpe:/a:redhat:openshift:4.13::el9 cpe:/a:redhat:openshift:4.15::el9 cpe:/a:redhat:openshift:4.16::el9
Vendors & Products		Redhat openshift

Wed, 28 Aug 2024 06:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:rhel_e4s:9.0

Mon, 26 Aug 2024 19:00:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:rhel_eus:9.2

Mon, 19 Aug 2024 22:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Eus
CPEs		cpe:/a:redhat:rhel_eus:8.8
Vendors & Products		Redhat rhel Eus

Fri, 16 Aug 2024 18:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat Redhat enterprise Linux Redhat rhel Aus Redhat rhel E4s Redhat rhel Tus
CPEs		cpe:/a:redhat:enterprise_linux:8 cpe:/a:redhat:enterprise_linux:9 cpe:/a:redhat:rhel_aus:8.6 cpe:/a:redhat:rhel_e4s:8.6 cpe:/a:redhat:rhel_tus:8.6
Vendors & Products		Redhat Redhat enterprise Linux Redhat rhel Aus Redhat rhel E4s Redhat rhel Tus

MITRE

Status: PUBLISHED

Assigner: isc

Published: 2024-07-23T14:40:57.256Z

Updated: 2025-02-13T17:53:23.437Z

Reserved: 2024-04-23T13:59:44.699Z

Link: CVE-2024-4076

Vulnrichment

Updated: 2024-08-01T20:33:51.640Z

NVD

Status : Awaiting Analysis

Published: 2024-07-23T15:15:05.500

Modified: 2024-11-21T09:42:08.807

Link: CVE-2024-4076

Redhat

Severity : Important

Publid Date: 2024-07-23T00:00:00Z

Links: CVE-2024-4076 - Bugzilla

{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-4076", "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22", "state": "PUBLISHED", "assignerShortName": "isc", "dateReserved": "2024-04-23T13:59:44.699Z", "datePublished": "2024-07-23T14:40:57.256Z", "dateUpdated": "2025-02-13T17:53:23.437Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "404fd4d2-a609-4245-b543-2c944a302a22", "shortName": "isc", "dateUpdated": "2024-07-31T11:05:58.936Z"}, "title": "Assertion failure when serving both stale cache data and authoritative zone content", "datePublic": "2024-07-23T00:00:00.000Z", "affected": [{"vendor": "ISC", "product": "BIND 9", "versions": [{"version": "9.16.13", "lessThanOrEqual": "9.16.50", "status": "affected", "versionType": "custom"}, {"version": "9.18.0", "lessThanOrEqual": "9.18.27", "status": "affected", "versionType": "custom"}, {"version": "9.19.0", "lessThanOrEqual": "9.19.24", "status": "affected", "versionType": "custom"}, {"version": "9.11.33-S1", "lessThanOrEqual": "9.11.37-S1", "status": "affected", "versionType": "custom"}, {"version": "9.16.13-S1", "lessThanOrEqual": "9.16.50-S1", "status": "affected", "versionType": "custom"}, {"version": "9.18.11-S1", "lessThanOrEqual": "9.18.27-S1", "status": "affected", "versionType": "custom"}], "defaultStatus": "unaffected"}], "metrics": [{"cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH"}}], "descriptions": [{"lang": "en", "value": "Client queries that trigger serving stale data and that also require lookups in local authoritative zone data may result in an assertion failure.\nThis issue affects BIND 9 versions 9.16.13 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.33-S1 through 9.11.37-S1, 9.16.13-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1."}], "impacts": [{"descriptions": [{"lang": "en", "value": "A `named` instance vulnerable to this logic error may terminate unexpectedly."}]}], "workarounds": [{"lang": "en", "value": "Disabling serve-stale answers mitigates this issue."}], "exploits": [{"lang": "en", "value": "We are not aware of any active exploits."}], "solutions": [{"lang": "en", "value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.18.28, 9.20.0, or 9.18.28-S1."}], "credits": [{"lang": "en", "value": "ISC would like to thank Daniel Str\u00e4nger for bringing this vulnerability to our attention."}], "references": [{"url": "https://kb.isc.org/docs/cve-2024-4076", "name": "CVE-2024-4076", "tags": ["vendor-advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/23/1"}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/31/2"}], "source": {"discovery": "EXTERNAL"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-617", "lang": "en", "description": "CWE-617 Reachable Assertion"}]}], "affected": [{"vendor": "isc", "product": "bind", "cpes": ["cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "9.16.13", "status": "affected", "lessThanOrEqual": "9.16.50", "versionType": "custom"}, {"version": "9.18.0", "status": "affected", "lessThanOrEqual": "9.18.27", "versionType": "custom"}, {"version": "9.19.0", "status": "affected", "lessThanOrEqual": "9.19.24", "versionType": "custom"}, {"version": "9.11.33-s1", "status": "affected", "lessThanOrEqual": "9.11.37-s1", "versionType": "custom"}, {"version": "9.16.13-s1", "status": "affected", "lessThanOrEqual": "9.16.50-s1", "versionType": "custom"}, {"version": "9.18.11-s1", "status": "affected", "lessThanOrEqual": "9.18.27-s1", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-23T15:10:37.488270Z", "id": "CVE-2024-4076", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-24T18:47:06.657Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://security.netapp.com/advisory/ntap-20240731-0001/"}, {"url": "https://kb.isc.org/docs/cve-2024-4076", "name": "CVE-2024-4076", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/23/1", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:33:51.640Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://security.netapp.com/advisory/ntap-20240731-0001/"}, {"url": "https://kb.isc.org/docs/cve-2024-4076", "name": "CVE-2024-4076", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/23/1", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:33:51.640Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-4076", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-23T15:10:37.488270Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*"], "vendor": "isc", "product": "bind", "versions": [{"status": "affected", "version": "9.16.13", "versionType": "custom", "lessThanOrEqual": "9.16.50"}, {"status": "affected", "version": "9.18.0", "versionType": "custom", "lessThanOrEqual": "9.18.27"}, {"status": "affected", "version": "9.19.0", "versionType": "custom", "lessThanOrEqual": "9.19.24"}, {"status": "affected", "version": "9.11.33-s1", "versionType": "custom", "lessThanOrEqual": "9.11.37-s1"}, {"status": "affected", "version": "9.16.13-s1", "versionType": "custom", "lessThanOrEqual": "9.16.50-s1"}, {"status": "affected", "version": "9.18.11-s1", "versionType": "custom", "lessThanOrEqual": "9.18.27-s1"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-617", "description": "CWE-617 Reachable Assertion"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-23T15:34:53.558Z"}}], "cna": {"title": "Assertion failure when serving both stale cache data and authoritative zone content", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "value": "ISC would like to thank Daniel Str\u00e4nger for bringing this vulnerability to our attention."}], "impacts": [{"descriptions": [{"lang": "en", "value": "A `named` instance vulnerable to this logic error may terminate unexpectedly."}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "ISC", "product": "BIND 9", "versions": [{"status": "affected", "version": "9.16.13", "versionType": "custom", "lessThanOrEqual": "9.16.50"}, {"status": "affected", "version": "9.18.0", "versionType": "custom", "lessThanOrEqual": "9.18.27"}, {"status": "affected", "version": "9.19.0", "versionType": "custom", "lessThanOrEqual": "9.19.24"}, {"status": "affected", "version": "9.11.33-S1", "versionType": "custom", "lessThanOrEqual": "9.11.37-S1"}, {"status": "affected", "version": "9.16.13-S1", "versionType": "custom", "lessThanOrEqual": "9.16.50-S1"}, {"status": "affected", "version": "9.18.11-S1", "versionType": "custom", "lessThanOrEqual": "9.18.27-S1"}], "defaultStatus": "unaffected"}], "exploits": [{"lang": "en", "value": "We are not aware of any active exploits."}], "solutions": [{"lang": "en", "value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.18.28, 9.20.0, or 9.18.28-S1."}], "datePublic": "2024-07-23T00:00:00.000Z", "references": [{"url": "https://kb.isc.org/docs/cve-2024-4076", "name": "CVE-2024-4076", "tags": ["vendor-advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/23/1"}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/31/2"}], "workarounds": [{"lang": "en", "value": "Disabling serve-stale answers mitigates this issue."}], "descriptions": [{"lang": "en", "value": "Client queries that trigger serving stale data and that also require lookups in local authoritative zone data may result in an assertion failure.\nThis issue affects BIND 9 versions 9.16.13 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.33-S1 through 9.11.37-S1, 9.16.13-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1."}], "providerMetadata": {"orgId": "404fd4d2-a609-4245-b543-2c944a302a22", "shortName": "isc", "dateUpdated": "2024-07-31T11:05:58.936Z"}}}, "cveMetadata": {"cveId": "CVE-2024-4076", "state": "PUBLISHED", "dateUpdated": "2025-02-13T17:53:23.437Z", "dateReserved": "2024-04-23T13:59:44.699Z", "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22", "datePublished": "2024-07-23T14:40:57.256Z", "assignerShortName": "isc"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "Client queries that trigger serving stale data and that also require lookups in local authoritative zone data may result in an assertion failure.\nThis issue affects BIND 9 versions 9.16.13 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.33-S1 through 9.11.37-S1, 9.16.13-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1."}, {"lang": "es", "value": " Las consultas de los clientes que desencadenan la entrega de datos obsoletos y que tambi\u00e9n requieren b\u00fasquedas en datos de la zona autorizada local pueden provocar un error de aserci\u00f3n. Este problema afecta a las versiones de BIND 9, 9.16.13 a 9.16.50, 9.18.0 a 9.18.27, 9.19.0 a 9.19.24, 9.11.33-S1 a 9.11.37-S1, 9.16.13-S1 a 9.16. 50-S1 y 9.18.11-S1 a 9.18.27-S1."}], "id": "CVE-2024-4076", "lastModified": "2024-11-21T09:42:08.807", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-officer@isc.org", "type": "Secondary"}]}, "published": "2024-07-23T15:15:05.500", "references": [{"source": "security-officer@isc.org", "url": "http://www.openwall.com/lists/oss-security/2024/07/23/1"}, {"source": "security-officer@isc.org", "url": "http://www.openwall.com/lists/oss-security/2024/07/31/2"}, {"source": "security-officer@isc.org", "url": "https://kb.isc.org/docs/cve-2024-4076"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2024/07/23/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://kb.isc.org/docs/cve-2024-4076"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20240731-0001/"}], "sourceIdentifier": "security-officer@isc.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-617"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2024:5390", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "bind9.16-32:9.16.23-0.22.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-08-14T00:00:00Z"}, {"advisory": "RHSA-2024:5418", "cpe": "cpe:/a:redhat:rhel_aus:8.6", "package": "bind9.16-32:9.16.23-0.7.el8_6.6", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2024-08-15T00:00:00Z"}, {"advisory": "RHSA-2024:5418", "cpe": "cpe:/a:redhat:rhel_tus:8.6", "package": "bind9.16-32:9.16.23-0.7.el8_6.6", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2024-08-15T00:00:00Z"}, {"advisory": "RHSA-2024:5418", "cpe": "cpe:/a:redhat:rhel_e4s:8.6", "package": "bind9.16-32:9.16.23-0.7.el8_6.6", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2024-08-15T00:00:00Z"}, {"advisory": "RHSA-2024:5525", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "bind9.16-32:9.16.23-0.14.el8_8.5", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2024-08-19T00:00:00Z"}, {"advisory": "RHSA-2024:5231", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "bind-32:9.16.23-18.el9_4.6", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-08-15T00:00:00Z"}, {"advisory": "RHSA-2024:5231", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "bind-dyndb-ldap-0:11.9-10.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-08-15T00:00:00Z"}, {"advisory": "RHSA-2024:5907", "cpe": "cpe:/a:redhat:rhel_e4s:9.0", "package": "bind-32:9.16.23-1.el9_0.7", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2024-08-27T00:00:00Z"}, {"advisory": "RHSA-2024:5907", "cpe": "cpe:/a:redhat:rhel_e4s:9.0", "package": "bind-dyndb-ldap-0:11.9-7.el9_0.3", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2024-08-27T00:00:00Z"}, {"advisory": "RHSA-2024:5813", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "bind-32:9.16.23-11.el9_2.5", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-08-26T00:00:00Z"}, {"advisory": "RHSA-2024:5813", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "bind-dyndb-ldap-0:11.9-8.el9_2.3", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-08-26T00:00:00Z"}, {"advisory": "RHSA-2024:6009", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "rhcos-413.92.202408270922-0", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2024-09-04T00:00:00Z"}, {"advisory": "RHSA-2024:6406", "cpe": "cpe:/a:redhat:openshift:4.14::el9", "package": "rhcos-414.92.202409041930-0", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-09-11T00:00:00Z"}, {"advisory": "RHSA-2024:6013", "cpe": "cpe:/a:redhat:openshift:4.15::el9", "package": "rhcos-415.92.202408271217-0", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-09-05T00:00:00Z"}, {"advisory": "RHSA-2024:6004", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "rhcos-416.94.202408260940-0", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-09-03T00:00:00Z"}], "bugzilla": {"description": "bind: bind9: Assertion failure when serving both stale cache data and authoritative zone content", "id": "2298904", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2298904"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "details": ["Client queries that trigger serving stale data and that also require lookups in local authoritative zone data may result in an assertion failure.\nThis issue affects BIND 9 versions 9.16.13 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.33-S1 through 9.11.37-S1, 9.16.13-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1.", "A flaw was found in the bind9 package, where a client query triggers stale data and also requires local lookups may trigger a assertion failure. This issue results in a denial of service of the bind server."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-4076", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "bind", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "bind", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "bind", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "bind9.18", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "dhcp", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-07-23T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-4076\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-4076"], "statement": "The discovered flaw in the BIND9 package is of high severity due to its dual impact on DNS server functionality and stability. The issue where client queries trigger the return of stale data undermines the integrity and reliability of DNS responses, potentially leading to incorrect or outdated information being served to clients. This can cause significant disruptions in services reliant on accurate DNS resolutions. Moreover, the assertion failure triggered by local lookups poses a critical threat, as it can crash the BIND server, resulting in a denial of service (DoS). Such an outage disrupts DNS operations, impacting network availability and access to internet services.", "threat_severity": "Important"}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable yes

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object