CVE-2024-4076: 
Rocky Linux vulnerability analysis and mitigation

CVE-2024-4076 is a vulnerability in BIND 9 where client queries that trigger serving stale data and require lookups in local authoritative zone data may result in an assertion failure. The vulnerability affects multiple versions of BIND 9, including versions 9.16.13 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.33-S1 through 9.11.37-S1, 9.16.13-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1. The vulnerability was disclosed on July 23, 2024 (ISC Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The vulnerability is classified under CWE-617 (Reachable Assertion) and affects the server's ability to handle specific types of DNS queries (NVD).

When successfully exploited, this vulnerability can lead to a Denial of Service (DoS) condition through an assertion failure in the BIND server. The vulnerability specifically impacts scenarios where stale data serving coincides with local authoritative zone data lookups (NetApp Advisory).

Internet Systems Consortium (ISC) has released updated versions of BIND 9 to address this vulnerability. The fixes are available through the official ISC downloads page. Operators and package maintainers can find individual vulnerability-specific patches in the 'patches' subdirectory of each published release directory (OSS Security).