
=====================================================================

                            CERT-Renater

                Note d'Information No. 2026/VULN059
_____________________________________________________________________

DATE                : 21/01/2026

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running BIND versions prior to
                         9.18.44, 9.20.18, 9.21.17.

=====================================================================
https://kb.isc.org/docs/cve-2025-13878
_____________________________________________________________________

CVE-2025-13878: Malformed BRID/HHIT records can cause named to 
terminate unexpectedly

    Updated on Jan 21, 2026
    Published on Jan 21, 2026

    Peter Davies

CVE: CVE-2025-13878


Title: Malformed BRID/HHIT records can cause named to terminate 
unexpectedly

Document version: 2.0

Posting date: 21 January 2026

Program impacted: BIND 9

Versions affected:

BIND

    9.18.40 -> 9.18.43
    9.20.13 -> 9.20.17
    9.21.12 -> 9.21.16

BIND Supported Preview Edition

    9.18.40-S1 -> 9.18.43-S1
    9.20.13-S1 -> 9.20.17-S1

Severity: High

Exploitable: Remotely

Description:

Malformed BRID/HHIT records can cause named to terminate unexpectedly.


Impact:

An attacker can cause named to crash by sending a request that results 
in a corrupt or malicious record.

    Authoritative servers are affected by this vulnerability.

    Resolvers are affected by this vulnerability.

CVSS Score: 7.5

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

For more information on the Common Vulnerability Scoring System and to
obtain your specific environmental score please visit:
https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H&version=3.1


Workarounds:

No workarounds known.


Active exploits:

We are not aware of any active exploits.


Solution:

Upgrade to the patched release most closely related to your current 
version of BIND 9:

    9.18.44
    9.20.18
    9.21.17

BIND Supported Preview Edition is a special feature preview branch of 
BIND provided to eligible ISC support customers.

    9.18.44-S1
    9.20.18-S1
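Added here as an example (constructed for this note, not code from ISC or CERT-Renater): a POSIX shell check that maps the version printed by `named -v` onto the affected ranges listed above, assuming the banner starts with `BIND <version>`.

```shell
#!/bin/sh
# Constructed example for CVE-2025-13878 (not ISC or CERT-Renater code): maps
# a BIND 9 version onto the ranges listed above (9.18.40-43, 9.20.13-17,
# 9.21.12-16, and the same 9.18/9.20 ranges with the -S1 preview suffix).

# Pull "9.18.42" or "9.20.15-S1" out of a `named -v` banner, assumed to
# start with "BIND <version>", e.g. "BIND 9.18.42 (Extended Support
# Version) <id:abcd123>" (the id is a made-up sample value).
bind_version_from_banner() {
    printf '%s\n' "$1" |
        sed -n 's/^BIND \([0-9][0-9.]*[0-9]\(-S[0-9]*\)\{0,1\}\).*/\1/p'
}

# Exit status: 0 = in an affected range, 1 = not listed as affected,
# 2 = not a plain X.Y.Z[-Sn] version string.
bind_affected() {
    v=${1%%-S*}                           # -S1 builds share the numeric ranges
    case "$v" in
        *[!0-9.]*|""|*.*.*.*) return 2 ;; # non-numeric, empty or >3 fields
        *.*.*) ;;                         # exactly three fields: continue
        *) return 2 ;;                    # fewer than three fields
    esac
    major=${v%%.*}
    rest=${v#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    [ -n "$major" ] && [ -n "$minor" ] && [ -n "$patch" ] || return 2
    [ "$major" -eq 9 ] || return 1
    case "$minor" in
        18) lo=40; hi=43 ;;
        20) lo=13; hi=17 ;;
        21) lo=12; hi=16 ;;
        *)  return 1 ;;
    esac
    [ "$patch" -ge "$lo" ] && [ "$patch" -le "$hi" ]
}

# Stand-alone use: check $1, or the local named when no argument is given.
candidate=${1:-}
if [ -z "$candidate" ] && command -v named >/dev/null 2>&1; then
    candidate=$(bind_version_from_banner "$(named -v 2>/dev/null)")
fi
if [ -n "$candidate" ]; then
    if bind_affected "$candidate"; then
        echo "$candidate: in an affected range, upgrade to 9.18.44 / 9.20.18 / 9.21.17"
    else
        echo "$candidate: not in the published affected ranges (or unparsable)"
    fi
fi
```

Distribution packages often backport the fix without bumping the upstream version string, so a hit here is a prompt to check the vendor changelog or package security notice rather than proof of exposure.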


Acknowledgments:

ISC would like to thank Vlatko Kosturjak from Marlink Cyber for 
bringing this vulnerability to our attention.


Document revision history:

    1.0 Early Notification, 14 January 2026
    2.0 Public disclosure, 21 January 2026


Related documents:

See our BIND 9 Security Vulnerability Matrix for a complete listing of 
security vulnerabilities and versions affected.

Do you still have questions? Questions regarding this advisory should
be mailed to bind-security@isc.org or posted as confidential GitLab
issues at
https://gitlab.isc.org/isc-projects/bind9/-/issues/new?issue[confidential]=true

Note:

ISC patches only currently supported versions. When possible we 
indicate EOL versions affected. For current information on which 
versions are actively supported, please see 
https://www.isc.org/download/.

ISC Security Vulnerability Disclosure Policy:

Details of our current security advisory policy and practice can be 
found in the ISC Software Defect and Security Vulnerability Disclosure 
Policy at https://kb.isc.org/docs/aa-00861.

The Knowledgebase article https://kb.isc.org/docs/cve-2025-13878 is 
the complete and official security advisory document.


Legal Disclaimer:

Internet Systems Consortium (ISC) is providing this notice on an “AS 
IS” basis. No warranty or guarantee of any kind is expressed in this 
notice and none should be implied. ISC expressly excludes and 
disclaims any warranties regarding this notice or materials referred 
to in this notice, including, without limitation, any implied warranty 
of merchantability, fitness for a particular purpose, absence of 
hidden defects, or of non-infringement. Your use or reliance on this 
notice or materials referred to in this notice is at your own risk. 
ISC may change this notice at any time. A stand-alone copy or 
paraphrase of the text of this document that omits the document URL is 
an uncontrolled copy. Uncontrolled copies may lack important 
information, be out of date, or contain factual errors.
=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================