CVE-2025-13878

HIGH

BIND <9.18.44-9.20.18-9.21.17 - DoS

Title source: llm

Description

Malformed BRID/HHIT records can cause `named` to terminate unexpectedly. This issue affects BIND 9 versions 9.18.40 through 9.18.43, 9.20.13 through 9.20.17, 9.21.12 through 9.21.16, 9.18.40-S1 through 9.18.43-S1, and 9.20.13-S1 through 9.20.17-S1.

References (5)

[Various Sources] https://downloads.isc.org/isc/bind9/9.18.44

[Various Sources] https://downloads.isc.org/isc/bind9/9.20.18

[Various Sources] https://downloads.isc.org/isc/bind9/9.21.17

[Various Sources] https://kb.isc.org/docs/cve-2025-13878

[Mailing List] http://www.openwall.com/lists/oss-security/2026/01/21/3

Scores

CVSS v3 7.5

EPSS 0.0004

EPSS Percentile 12.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-617

Status draft

Timeline

Published Jan 21, 2026

Tracked Since Feb 18, 2026