PT-2024-5485 · Isc+12 · Bind 9+12

Published: 2024-04-23 · Updated: 2024-11-18 · CVE-2024-4076

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

BIND 9 versions 9.11.33-S1 through 9.11.37-S1
BIND 9 versions 9.16.13 through 9.16.50
BIND 9 versions 9.16.13-S1 through 9.16.50-S1
BIND 9 versions 9.18.0 through 9.18.27
BIND 9 versions 9.18.11-S1 through 9.18.27-S1
BIND 9 versions 9.19.0 through 9.19.24

Description

Client queries that trigger serving stale data and that also require lookups in local authoritative zone data may result in an assertion failure. The issue is related to the use of the assert() function or similar operators. Exploitation of the issue may allow a remote attacker to cause a denial of service by sending specially crafted requests.

Recommendations

For BIND 9 versions 9.11.33-S1 through 9.11.37-S1, update to a version that contains a fix for this issue.
For BIND 9 versions 9.16.13 through 9.16.50, update to a version that contains a fix for this issue.
For BIND 9 versions 9.16.13-S1 through 9.16.50-S1, update to a version that contains a fix for this issue.
For BIND 9 versions 9.18.0 through 9.18.27, update to a version that contains a fix for this issue.
For BIND 9 versions 9.18.11-S1 through 9.18.27-S1, update to a version that contains a fix for this issue.
For BIND 9 versions 9.19.0 through 9.19.24, update to a version that contains a fix for this issue.

As a temporary workaround, consider disabling the assert() function or similar operators until a patch is available.
Restrict access to the local authoritative zone data to minimize the risk of exploitation.
Avoid using the KEY Resource Record in the DNSSEC-signed domain in cache until the issue is resolved.

Fix

DoS

Assertion Failure

Weakness Enumeration

Related Identifiers

ALSA-2024:5231
ALSA-2024:5390
ALT-PU-2024-12002
ALT-PU-2024-12474
ALT-PU-2024-13685
AZL-46966
AZL-46984
BDU:2024-06134
CESA-2024_5390
CVE-2024-4076
DSA-5734-1
DSA-5734-2
INFSA-2024_5231
INFSA-2024_5390
MGASA-2024-0342
OESA-2024-1969
OESA-2024-1970
OESA-2024-1971
OESA-2024-1973
OPENSUSE-SU-2024:14217-1
RHSA-2024:5231
RHSA-2024:5390
RHSA-2024:5418
RHSA-2024:5525
RHSA-2024:5813
RHSA-2024:5907
RHSA-2024_5231
RHSA-2024_5390
RLSA-2024:5231
SUSE-SU-2024:2636-1
SUSE-SU-2024:2862-1
SUSE-SU-2024:2863-1
USN-6909-1

Affected Products

ALT Linux
AlmaLinux
Astra Linux
BIND 9
BIND Server
CentOS
IBM AIX
Linux Mint
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu