7.5

CVE-2025-13878

Malformed BRID/HHIT records can cause named to terminate unexpectedly

Malformed BRID/HHIT records can cause `named` to terminate unexpectedly.
This issue affects BIND 9 versions 9.18.40 through 9.18.43, 9.20.13 through 9.20.17, 9.21.12 through 9.21.16, 9.18.40-S1 through 9.18.43-S1, and 9.20.13-S1 through 9.20.17-S1.
Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
HerstellerRed Hat
Produkt Red Hat Hardened Images
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 10
Default Statusunaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 6
Default Statusunaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 7
Default Statusunaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8
Default Statusunaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 9
Default Statusunaffected
HerstellerRed Hat
Produkt Red Hat OpenShift Container Platform 4
Default Statusunaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 8.22% 0.942
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
security-officer@isc.org 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0b0ca135-0b70-47e7-9f44-1890c2a1c46c 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-1286 Improper Validation of Syntactic Correctness of Input

The product receives input that is expected to be well-formed - i.e., to comply with a certain syntax - but it does not validate or incorrectly validates that the input complies with the syntax.

CWE-617 Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

https://kb.isc.org/docs/cve-2025-13878
https://downloads.isc.org/isc/bind9/9.18.44
https://downloads.isc.org/isc/bind9/9.20.18
https://downloads.isc.org/isc/bind9/9.21.17
http://www.openwall.com/lists/oss-security/2026/01/21/3
https://access.redhat.com/errata/RHSA-2026:6935
https://access.redhat.com/security/cve/CVE-2025-13878
https://bugzilla.redhat.com/show_bug.cgi?id=2431600
https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-13878.json