Updated: 2025-08-20 02:02:08.113841
Description:
Client queries that trigger serving stale data and that also require lookups in local authoritative zone data may result in an assertion failure. This issue affects BIND 9 versions 9.16.13 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.33-S1 through 9.11.37-S1, 9.16.13-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1.
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | NONE | 0.0 |
| CVSS Version 3.x | HIGH | 7.5 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | bind-dyndb-ldap | 11.9 | 7.5 | HIGH | Not Vulnerable | 2025-12-05 21:56:57 | Not affected: CVE-2024-4076 is a defect in the BIND 9 named daemon that can trigger an assertion fai... | |
| AlmaLinux 9.2 ESU | bind | 9.16.23 | 7.5 | HIGH | Released | CLSA-2024:1726583188 | 2024-09-17 12:33:03 | Not affected: CVE-2024-4076 is a defect in the BIND 9 named daemon that can trigger an assertion fai... |
| CentOS 6 ELS | bind | 9.8.2 | 7.5 | HIGH | Not Vulnerable | 2024-07-30 17:23:11 | ||
| CentOS 7 ELS | bind | 9.11.4 | 7.5 | HIGH | Not Vulnerable | 2024-07-30 17:23:11 | ||
| CentOS 8.4 ELS | bind | 9.11.26 | 7.5 | HIGH | Not Vulnerable | 2024-09-02 14:26:12 | ||
| CentOS 8.5 ELS | bind | 9.11.26 | 7.5 | HIGH | Not Vulnerable | 2024-09-02 14:26:09 | ||
| CentOS Stream 8 ELS | bind | 9.11.36 | 7.5 | HIGH | Not Vulnerable | 2024-08-30 12:18:34 | ||
| CloudLinux 6 ELS | bind | 9.8.2 | 7.5 | HIGH | Not Vulnerable | 2024-07-30 17:23:13 | ||
| CloudLinux 7 ELS | bind | 9.11.4 | 7.5 | HIGH | Not Vulnerable | 2024-07-30 17:23:11 | ||
| Oracle Linux 6 ELS | bind | 9.8.2 | 7.5 | HIGH | Not Vulnerable | 2024-07-30 17:23:11 |