DEBIAN-CVE-2024-4076

DEBIAN-CVE-2024-4076 PUBLISHED CVSS 7.5 HIGH

Client queries that trigger serving stale data and that also require lookups in local authoritative zone data may result in an assertion failure. This issue affects BIND 9 versions 9.16.13 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.33-S1 through 9.11.37-S1, 9.16.13-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1.

Risk Scores

CVSS 3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
Debian:11	bind9	9.16.48-1, 1:9.16.15-1, 1:9.16.21-1
Debian:12	bind9	9.18.24-1, *, 1:9.18.12-1
Debian:14	bind9	0, 0
Debian:13	bind9	0, 0

Exploit Intelligence

index.html (github-poc)
index.html (github-poc)

Timeline

Jul 23, 2024 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2024-4076 advisory

Open in Interactive Console →