Fedora Account System
Red Hat Associate
Red Hat Customer
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
When looking at the commit fixing this vulnerability: https://gitlab.isc.org/isc-projects/bind9/-/commit/14e299995f8f1dd8faeb7c5395a5a0c12b0f43f4 ISC DHCP is not affected. It doesn't execute code path related to DNS resource records serving/parsing for BRID/HHIT inside HIP RDATA (towire_*() methods). This is a BIND server-side issue, as also mentioned by the documentation for the CVE-2025-13878: https://kb.isc.org/docs/cve-2025-13878 ISC DHCP uses portions of the ISC BIND libraries (primarily libdns, omapi, and libisccfg) only to support DDNS (TSIG support, DNS message construction/parsing, DHCID generation), OMAPI related operations, basic functions (configuration handling, data structures, logging, networking primitives).