Bug 2431923 - CVE-2025-13878 dhcp: bind: Denial of Service via corrupt or malicious record [fedora-42]
Summary: CVE-2025-13878 dhcp: bind: Denial of Service via corrupt or malicious record ...
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: dhcp
Version: 42
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: ---
Assignee: Martin Osvald 🛹
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: {"flaws": ["62cb09ad-f312-4caa-bcbc-3...
Depends On:
Blocks: CVE-2025-13878
TreeView+ depends on / blocked
 
Reported: 2026-01-22 03:01 UTC by Patrick Del Bello
Modified: 2026-01-22 06:26 UTC (History)
5 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2026-01-22 06:26:43 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description Patrick Del Bello 2026-01-22 03:01:14 UTC
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.

Comment 1 Martin Osvald 🛹 2026-01-22 06:26:43 UTC
When looking at the commit fixing this vulnerability:

https://gitlab.isc.org/isc-projects/bind9/-/commit/14e299995f8f1dd8faeb7c5395a5a0c12b0f43f4

ISC DHCP is not affected. It doesn't execute code path related to DNS resource records serving/parsing for BRID/HHIT inside HIP RDATA (towire_*() methods). This is a BIND server-side issue, as also mentioned by the documentation for the CVE-2025-13878:

https://kb.isc.org/docs/cve-2025-13878

ISC DHCP uses portions of the ISC BIND libraries (primarily libdns, omapi, and libisccfg) only to support DDNS (TSIG support, DNS message construction/parsing, DHCID generation), OMAPI related operations, basic functions (configuration handling, data structures, logging, networking primitives).


Note You need to log in before you can comment on or make changes to this bug.