CVE-2025-13878

HIGH

BIND <9.18.44-9.20.18-9.21.17 - DoS

Title source: llm

Description

Malformed BRID/HHIT records can cause `named` to terminate unexpectedly. This issue affects BIND 9 versions 9.18.40 through 9.18.43, 9.20.13 through 9.20.17, 9.21.12 through 9.21.16, 9.18.40-S1 through 9.18.43-S1, and 9.20.13-S1 through 9.20.17-S1.

References (5)

[Mailing List] http://www.openwall.com/lists/oss-security/2026/01/21/3

[Various Sources] https://kb.isc.org/docs/cve-2025-13878

[Various Sources] https://downloads.isc.org/isc/bind9/9.18.44

[Various Sources] https://downloads.isc.org/isc/bind9/9.20.18

[Various Sources] https://downloads.isc.org/isc/bind9/9.21.17

Scores

CVSS v3 7.5

EPSS 0.0004

EPSS Percentile 12.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-617

Status published

Products (5)

ISC/BIND 9 9.18.40 - 9.18.43

ISC/BIND 9 9.18.40-S1 - 9.18.43-S1

ISC/BIND 9 9.20.13 - 9.20.17

ISC/BIND 9 9.20.13-S1 - 9.20.17-S1

ISC/BIND 9 9.21.12 - 9.21.16

Published Jan 21, 2026

Tracked Since Feb 18, 2026