The vulnerability, tracked as CVE-2025-13878, enables remote attackers to crash DNS servers by sending specially crafted, malformed DNS records, potentially disrupting critical internet infrastructure and organizational services.
The vulnerability stems from improper handling of malformed BRID (Breadth-first Record ID) and HHIT (Host Hash Information Table) records within BIND 9’s named daemon.
| Field | Value |
|---|---|
| CVE Identifier | CVE-2025-13878 |
| Title | Malformed BRID/HHIT records can cause named to terminate unexpectedly |
| Affected Software | BIND 9 (DNS Server) |
| Vulnerability Type | Denial of Service (DoS) |
| Attack Vector | Network (Remote) |
| CVSS v3.1 Score | 7.5 |
| CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
When a DNS server receives a request containing corrupted or malicious records of these types, the daemon terminates unexpectedly, causing a complete service outage.
This denial-of-service (DoS) condition affects both authoritative nameservers and DNS resolvers, expanding the attack surface across diverse network architectures.
The vulnerability carries a CVSS v3.1 severity score of 7.5 (High), with an attack vector rated as Network-based, requiring no special privileges or user interaction.
This accessibility makes the flaw particularly concerning for publicly accessible DNS infrastructure.
| BIND Version Branch | Vulnerable Versions | Patched Version |
|---|---|---|
| BIND 9 (Standard) | 9.18.40 – 9.18.43 | 9.18.44 |
| BIND 9 (Standard) | 9.20.13 – 9.20.17 | 9.20.18 |
| BIND 9 (Standard) | 9.21.12 – 9.21.16 | 9.21.17 |
| BIND SPE (Preview) | 9.18.40-S1 – 9.18.43-S1 | 9.18.44-S1 |
| BIND SPE (Preview) | 9.20.13-S1 – 9.20.17-S1 | 9.20.18-S1 |
ISC disclosed this vulnerability publicly on January 21, 2026, following an early notification issued on January 14, 2026. The advisory recommends upgrading to the latest patched versions.
Notably, no active exploits are currently documented in the wild, providing organizations a critical window for proactive remediation before potential exploitation campaigns emerge.
Currently, no workarounds exist, making patching the only viable mitigation strategy. Organizations running BIND 9 should prioritize updating to the latest patched versions in their respective branches.
ISC acknowledges the security researcher for responsibly disclosing this vulnerability, demonstrating the continued importance of coordinated vulnerability reporting.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
The post BIND 9 Vulnerability Allow Attackers to Crash Server by Sending Malicious Records appeared first on Cyber Security News.
ROCKFORD, Ill. (WTVO) — The Community Action Garden grants are now available for all neighborhood,…
Illinois Lt. Gov. Juliana Stratton, backed by Gov. J.B. Pritzker, will face Republican Don Tracy…
The U.S. Capitol on March 3, 2026. (Photo by Jennifer Shutt/States Newsroom)WASHINGTON — U.S. Senate…
The Belvidere School Board has released survey regarding their Masters Facility Plans. A big question…
Darren Bailey has won the Republican nomination for Illinois Governor, promising to cut taxes, reduce…
The new trailer for Dune: Part 3 just dropped and it looks incredible. The third…
This website uses cookies.