CVE-2025-13878

EUVD-2026-3599
Malformed BRID/HHIT records can cause `named` to terminate unexpectedly.
This issue affects BIND 9 versions 9.18.40 through 9.18.43, 9.20.13 through 9.20.17, 9.21.12 through 9.21.16, 9.18.40-S1 through 9.18.43-S1, and 9.20.13-S1 through 9.20.17-S1.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
iscCNA
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 9%
Debian logo
Debian Releases
Debian Product
Codename
bind9
bookworm
vulnerable
bookworm (security)
1:9.18.44-1~deb12u1
fixed
bullseye
1:9.16.50-1~deb11u2
not-affected
bullseye (security)
1:9.16.50-1~deb11u4
fixed
forky
1:9.20.19-1
fixed
sid
1:9.20.19-1
fixed
trixie
vulnerable
trixie (security)
1:9.20.18-1~deb13u1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
bind9
bionic
not-affected
focal
not-affected
jammy
not-affected
noble
not-affected
questing
not-affected
trusty
not-affected
xenial
not-affected
isc-dhcp
bionic
not-affected
focal
not-affected
jammy
not-affected
noble
not-affected
questing
not-affected
trusty
not-affected
xenial
not-affected
bind9-libs
focal
not-affected
jammy
not-affected
noble
dne
questing
dne
Common Weakness Enumeration
References
https://downloads.isc.org/isc/bind9/9.18.44
https://downloads.isc.org/isc/bind9/9.20.18
https://downloads.isc.org/isc/bind9/9.21.17
https://kb.isc.org/docs/cve-2025-13878
http://www.openwall.com/lists/oss-security/2026/01/21/3