{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-13878","assignerOrgId":"404fd4d2-a609-4245-b543-2c944a302a22","state":"PUBLISHED","assignerShortName":"isc","dateReserved":"2025-12-02T11:08:04.266Z","datePublished":"2026-01-21T14:43:27.260Z","dateUpdated":"2026-06-30T12:07:24.982Z"},"containers":{"cna":{"providerMetadata":{"orgId":"404fd4d2-a609-4245-b543-2c944a302a22","shortName":"isc","dateUpdated":"2026-01-21T14:43:27.260Z"},"title":"Malformed BRID/HHIT records can cause named to terminate unexpectedly","datePublic":"2026-01-21T00:00:00.000Z","affected":[{"vendor":"ISC","product":"BIND 9","versions":[{"version":"9.18.40","lessThanOrEqual":"9.18.43","status":"affected","versionType":"custom"},{"version":"9.20.13","lessThanOrEqual":"9.20.17","status":"affected","versionType":"custom"},{"version":"9.21.12","lessThanOrEqual":"9.21.16","status":"affected","versionType":"custom"},{"version":"9.18.40-S1","lessThanOrEqual":"9.18.43-S1","status":"affected","versionType":"custom"},{"version":"9.20.13-S1","lessThanOrEqual":"9.20.17-S1","status":"affected","versionType":"custom"}],"defaultStatus":"unaffected"}],"cpeApplicability":[{"nodes":[{"operator":"OR","cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*","versionStartIncluding":"9.18.40","versionEndIncluding":"9.18.43"},{"vulnerable":true,"criteria":"cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*","versionStartIncluding":"9.20.13","versionEndIncluding":"9.20.17"},{"vulnerable":true,"criteria":"cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*","versionStartIncluding":"9.21.12","versionEndIncluding":"9.21.16"},{"vulnerable":true,"criteria":"cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*","versionStartIncluding":"9.18.40-S1","versionEndIncluding":"9.18.43-S1"},{"vulnerable":true,"criteria":"cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*","versionStartIncluding":"9.20.13-S1","versionEndIncluding":"9.20.17-S1"}]}]}],"metrics":[{"cvssV3_1":{"version":"3.1","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"lang":"en","type":"CWE","cweId":"CWE-617","description":"CWE-617 Reachable Assertion"}]}],"descriptions":[{"lang":"en","value":"Malformed BRID/HHIT records can cause `named` to terminate unexpectedly.\nThis issue affects BIND 9 versions 9.18.40 through 9.18.43, 9.20.13 through 9.20.17, 9.21.12 through 9.21.16, 9.18.40-S1 through 9.18.43-S1, and 9.20.13-S1 through 9.20.17-S1."}],"impacts":[{"descriptions":[{"lang":"en","value":"An attacker can cause `named` to crash by sending a request that results in a corrupt or malicious record."}]}],"workarounds":[{"lang":"en","value":"No workarounds known."}],"exploits":[{"lang":"en","value":"We are not aware of any active exploits."}],"solutions":[{"lang":"en","value":"Upgrade to the patched release most closely related to your current version of BIND 9: 9.18.44, 9.20.18, 9.21.17, 9.18.44-S1, or 9.20.18-S1."}],"credits":[{"lang":"en","value":"ISC would like to thank Vlatko Kosturjak from Marlink Cyber for bringing this vulnerability to our attention."}],"references":[{"url":"https://kb.isc.org/docs/cve-2025-13878","name":"CVE-2025-13878","tags":["vendor-advisory"]},{"url":"https://downloads.isc.org/isc/bind9/9.18.44","tags":["patch"]},{"url":"https://downloads.isc.org/isc/bind9/9.20.18","tags":["patch"]},{"url":"https://downloads.isc.org/isc/bind9/9.21.17","tags":["patch"]}],"source":{"discovery":"EXTERNAL"},"x_generator":{"engine":"cvelib 1.8.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-01-21T14:57:50.807267Z","id":"CVE-2025-13878","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-01-21T14:58:14.618Z"}},{"title":"CVE Program Container","references":[{"url":"http://www.openwall.com/lists/oss-security/2026/01/21/3"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2026-01-21T18:13:38.157Z"}},{"affected":[{"cpes":["cpe:/a:redhat:hummingbird:1"],"defaultStatus":"affected","product":"Red Hat Hardened Images","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:10"],"defaultStatus":"unaffected","product":"Red Hat Enterprise Linux 10","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:6"],"defaultStatus":"unaffected","product":"Red Hat Enterprise Linux 6","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:7"],"defaultStatus":"unaffected","product":"Red Hat Enterprise Linux 7","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:8"],"defaultStatus":"unaffected","product":"Red Hat Enterprise Linux 8","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:9"],"defaultStatus":"unaffected","product":"Red Hat Enterprise Linux 9","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift:4"],"defaultStatus":"unaffected","product":"Red Hat OpenShift Container Platform 4","vendor":"Red Hat"}],"datePublic":"2026-01-21T00:00:00.000Z","descriptions":[{"lang":"en","value":"A flaw was found in bind. A remote attacker can send a specially crafted request that results in a corrupt or malicious record, causing the 'named' service to crash. This vulnerability leads to a Denial of Service (DoS) for authoritative servers and resolvers."}],"metrics":[{"other":{"content":{"namespace":"https://access.redhat.com/security/updates/classification/","value":"Important"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.1"},"format":"CVSS"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-1286","description":"Improper Validation of Syntactic Correctness of Input","lang":"en","type":"CWE"}]}],"references":[{"tags":["vdb-entry","x_refsource_REDHAT"],"url":"https://access.redhat.com/security/cve/CVE-2025-13878"},{"name":"RHBZ#2431600","tags":["issue-tracking","x_refsource_REDHAT"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2431600"},{"tags":["x_sadp-csaf-vex"],"url":"https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-13878.json"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:6935"}],"solutions":[{"lang":"en","value":"RHSA-2026:6935: Red Hat Hardened Images"}],"timeline":[{"lang":"en","time":"2026-01-21T13:45:49.972Z","value":"Reported to Red Hat."},{"lang":"en","time":"2026-01-21T00:00:00.000Z","value":"Made public."}],"title":"bind: bind: Denial of Service via corrupt or malicious record","workarounds":[{"lang":"en","value":"Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}],"x_adpType":"supplier","x_generator":{"engine":"sadp-cli 1.0.0"},"providerMetadata":{"orgId":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","shortName":"redhat-SADP","dateUpdated":"2026-06-30T12:07:24.982Z"}}]}}