7.5
CVE-2025-13878
- EPSS 8.22%
- Veröffentlicht 21.01.2026 14:43:27
- Zuletzt bearbeitet 30.06.2026 03:16:43
- Quelle security-officer@isc.org
- CVE-Watchlists
- Unerledigt
Malformed BRID/HHIT records can cause named to terminate unexpectedly
Malformed BRID/HHIT records can cause `named` to terminate unexpectedly. This issue affects BIND 9 versions 9.18.40 through 9.18.43, 9.20.13 through 9.20.17, 9.21.12 through 9.21.16, 9.18.40-S1 through 9.18.43-S1, and 9.20.13-S1 through 9.20.17-S1.
Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
HerstellerRed Hat
≫
Produkt
Red Hat Hardened Images
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 10
Default Statusunaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 6
Default Statusunaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 7
Default Statusunaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 8
Default Statusunaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 9
Default Statusunaffected
HerstellerRed Hat
≫
Produkt
Red Hat OpenShift Container Platform 4
Default Statusunaffected
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 8.22% | 0.942 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security-officer@isc.org | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
CWE-1286 Improper Validation of Syntactic Correctness of Input
The product receives input that is expected to be well-formed - i.e., to comply with a certain syntax - but it does not validate or incorrectly validates that the input complies with the syntax.
CWE-617 Reachable Assertion
The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
https://kb.isc.org/docs/cve-2025-13878
https://downloads.isc.org/isc/bind9/9.18.44
https://downloads.isc.org/isc/bind9/9.20.18
https://downloads.isc.org/isc/bind9/9.21.17
http://www.openwall.com/lists/oss-security/2026/01/21/3
https://access.redhat.com/errata/RHSA-2026:6935
https://access.redhat.com/security/cve/CVE-2025-13878
https://bugzilla.redhat.com/show_bug.cgi?id=2431600
https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-13878.json