CVE-2025-13878

EUVD-2026-3599
Malformed BRID/HHIT records can cause `named` to terminate unexpectedly.
This issue affects BIND 9 versions 9.18.40 through 9.18.43, 9.20.13 through 9.20.17, 9.21.12 through 9.21.16, 9.18.40-S1 through 9.18.43-S1, and 9.20.13-S1 through 9.20.17-S1.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 11%
Debian logo
Debian Releases
Debian Product
Codename
bind9
bookworm
1:9.18.47-1~deb12u1
fixed
bookworm (security)
1:9.18.49-1~deb12u1
fixed
bullseye
1:9.16.50-1~deb11u2
fixed
bullseye (security)
1:9.16.50-1~deb11u5
fixed
forky
1:9.20.22-1
fixed
sid
1:9.20.23-1
fixed
trixie
1:9.20.21-1~deb13u1
fixed
trixie (security)
1:9.20.23-1~deb13u1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
bind9
bionic
not-affected
focal
not-affected
jammy
not-affected
noble
not-affected
questing
not-affected
trusty
not-affected
xenial
not-affected
isc-dhcp
bionic
not-affected
focal
not-affected
jammy
not-affected
noble
not-affected
questing
not-affected
trusty
not-affected
xenial
not-affected
bind9-libs
focal
not-affected
jammy
not-affected
noble
dne
questing
dne
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
bind
suse enterprise sap 15 SP7
9.20.18-150700.3.15.1
fixed
suse enterprise server 15 SP7
9.20.18-150700.3.15.1
fixed
bind-doc
suse enterprise sap 15 SP7
9.20.18-150700.3.15.1
fixed
suse enterprise server 15 SP7
9.20.18-150700.3.15.1
fixed
Common Weakness Enumeration
References
https://downloads.isc.org/isc/bind9/9.18.44
https://downloads.isc.org/isc/bind9/9.20.18
https://downloads.isc.org/isc/bind9/9.21.17
https://kb.isc.org/docs/cve-2025-13878
http://www.openwall.com/lists/oss-security/2026/01/21/3