PT-2026-3771 · Isc · Bind 9

Published 2025-01-01 · Updated 2026-02-07 · CVE-2025-13878

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

BIND 9 versions 9.18.40 through 9.18.43
BIND 9 versions 9.20.13 through 9.20.17
BIND 9 versions 9.21.12 through 9.21.16
BIND 9 versions 9.18.40-S1 through 9.18.43-S1
BIND 9 versions 9.20.13-S1 through 9.20.17-S1

Description

Malformed BRID/HHIT records can cause the named daemon to terminate unexpectedly, leading to a denial-of-service condition. The issue is remotely exploitable without authentication and affects both authoritative name servers and DNS resolvers. The vulnerability allows remote attackers to crash DNS servers by sending specially crafted DNS records. Multiple sources indicate this is a high-severity flaw, with some referring to it as a potential "DNS Doomsday Bug". The vulnerability impacts the named process, which is responsible for handling DNS queries.

Recommendations

Upgrade to BIND 9 version 9.18.44
Upgrade to BIND 9 version 9.20.18
Upgrade to BIND 9 version 9.21.17
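
To triage an inventory against the ranges above, the following added example (not part of the advisory and not ISC code) classifies a version banner as affected, not affected, or needing a vendor check. The banner layout of `named -v` is assumed, the sample banners are constructed, and `classify` is a hypothetical helper name; packaged builds are reported as "check-vendor" because distributions can backport a fix without changing the upstream version number.

```python
import re

# Affected patch ranges per branch, copied from the advisory above.
AFFECTED = {(9, 18): (40, 43), (9, 20): (13, 17), (9, 21): (12, 16)}
# Branches for which the advisory also lists -S1 builds.
S1_BRANCHES = {(9, 18), (9, 20)}
# Fixed releases from the Recommendations section.
FIXED = {(9, 18): "9.18.44", (9, 20): "9.20.18", (9, 21): "9.21.17"}

# Version, optional -S<n> edition tag, optional packaging suffix (e.g. "-1~deb12u1").
VERSION_RE = re.compile(r"\b9\.(\d+)\.(\d+)(-S\d+)?([-+~][\w.+~-]*)?")


def classify(banner):
    """Return (status, version, fixed_release) for a banner or bare version string.

    status: "affected", "not-affected", "check-vendor" or "unparsed".
    """
    m = VERSION_RE.search(banner)
    if not m:
        return ("unparsed", None, None)
    branch, patch = (9, int(m.group(1))), int(m.group(2))
    edition, suffix = m.group(3), m.group(4)
    version = f"9.{branch[1]}.{patch}{edition or ''}"
    if branch not in AFFECTED:
        return ("not-affected", version, None)
    low, high = AFFECTED[branch]
    if not low <= patch <= high:
        return ("not-affected", version, None)
    if edition and (edition != "-S1" or branch not in S1_BRANCHES):
        return ("check-vendor", version, None)  # -S build the advisory does not list
    if suffix:
        # Packaged build: the fix may be backported without a version bump.
        return ("check-vendor", version, None)
    return ("affected", version, FIXED[branch])


if __name__ == "__main__":
    # Constructed sample banners (assumed format), not captured from real hosts.
    for sample in (
        "BIND 9.18.43 (Extended Support Version) <id:0000000>",
        "BIND 9.20.15-S1 (Supported Preview Edition) <id:0000000>",
        "BIND 9.18.41-1~deb12u1-Debian (Extended Support Version) <id:0000000>",
        "BIND 9.20.18 (Stable Release) <id:0000000>",
    ):
        print(classify(sample), "<-", sample)
```
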

Fix

LPE

DoS

Assertion Failure

Weakness Enumeration

Related Identifiers

AZL-75074
CVE-2025-13878
OPENSUSE-SU-2026:10080-1
OPENSUSE-SU-2026:20091-1
RHSA-2026:6935
SUSE-SU-2026:0348-1
SUSE-SU-2026:20135-1

Affected Products

Bind 9