CVE-2025-13878
Deferred
Deferred - Pending Action
Malformed BRID/HHIT Records Cause BIND Named Crash (DoS
Vulnerability report for CVE-2025-13878, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-01-21
Last updated on: 2026-06-30
Assigner: Internet Systems Consortium (ISC)
Description
Description
Malformed BRID/HHIT records can cause `named` to terminate unexpectedly.
This issue affects BIND 9 versions 9.18.40 through 9.18.43, 9.20.13 through 9.20.17, 9.21.12 through 9.21.16, 9.18.40-S1 through 9.18.43-S1, and 9.20.13-S1 through 9.20.17-S1.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| isc | bind | From 9.18.40 (inc) to 9.18.43 (inc) |
| isc | bind | From 9.20.13 (inc) to 9.20.17 (inc) |
| isc | bind | From 9.21.12 (inc) to 9.21.16 (inc) |
| isc | bind | From 9.18.40-S1 (inc) to 9.18.43-S1 (inc) |
| isc | bind | From 9.20.13-S1 (inc) to 9.20.17-S1 (inc) |
| isc | bind | 9.18.44 |
| isc | bind | 9.20.18 |
| isc | bind | 9.21.17 |
| isc | bind | 9.18.44-S1 |
| isc | bind | 9.20.18-S1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1286 | The product receives input that is expected to be well-formed - i.e., to comply with a certain syntax - but it does not validate or incorrectly validates that the input complies with the syntax. |
| CWE-617 | The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary. |