CVSS Vector (NVD)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description (NVD)
A flaw was found in 389-ds-base. The get_ldapmessage_controls_ext() function in the LDAP server does not enforce an upper bound on the number of controls per LDAP message. A remote, unauthenticated attacker can send a specially crafted LDAP request containing hundreds of thousands of minimal controls within the default maximum BER message size (2 MB), causing excessive CPU consumption and heap allocation on the server. Under concurrent exploitation, this leads to significant latency degradation, worker thread starvation, or out-of-memory termination, resulting in a denial of service.
Analysis (AI)
Denial of service in 389-ds-base LDAP server allows remote unauthenticated attackers to exhaust CPU and heap memory by sending a single LDAP request packed with hundreds of thousands of minimal controls. Because get_ldapmessage_controls_ext() does not cap the per-message control count, the 2 MB default BER message limit is the only ceiling, and concurrent abuse causes worker thread starvation or OOM termination. …
Remediation (AI)
24 hours: Conduct inventory of all 389-ds-base deployments and assess criticality; enable enhanced logging of LDAP connections and message characteristics. 7 days: Deploy network-level mitigations including per-IP connection rate limits and LDAP message size restrictions; configure alerts for anomalous control message patterns. …
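One way to back the alerting step above with data, as an added example that is not part of the original page or of 389-ds-base: a Python walker that counts the controls in one captured LDAPMessage (definite-length BER, as RFC 4511 requires) and stops as soon as a cap is passed. MAX_CONTROLS, the function names and the sample bytes are assumptions made for this illustration.

```python
MAX_CONTROLS = 64  # assumed alerting threshold, not a 389-ds-base setting

# Constructed sample: anonymous simple bind (messageID 1) carrying three
# minimal controls, each with the placeholder controlType "1.1".
SAMPLE = bytes.fromhex(
    "3023020101600702010304008000a015"
    "30050403312e31" "30050403312e31" "30050403312e31"
)

class BerError(ValueError):
    """Raised when the bytes are not a well-formed definite-length TLV."""

def read_tlv(buf, pos, end):
    """Return (tag, value_start, value_end) for the TLV at pos, bounded by end."""
    if pos + 2 > end:
        raise BerError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                       # short-form length
        length = first
    else:                                  # long form; LDAP forbids indefinite (0x80)
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > end:
            raise BerError("bad length octets")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > end:
        raise BerError("value runs past enclosing element")
    return tag, pos, pos + length

def count_controls(msg, limit=MAX_CONTROLS):
    """Count controls in one LDAPMessage; stop walking once limit is passed."""
    tag, pos, end = read_tlv(msg, 0, len(msg))
    if tag != 0x30:
        raise BerError("not an LDAPMessage SEQUENCE")
    _, _, pos = read_tlv(msg, pos, end)    # messageID
    _, _, pos = read_tlv(msg, pos, end)    # protocolOp
    if pos == end:
        return 0                           # no controls element
    tag, pos, end = read_tlv(msg, pos, end)
    if tag != 0xA0:                        # controls are context tag [0]
        raise BerError("unexpected element after protocolOp")
    count = 0
    while pos < end and count <= limit:
        tag, _, pos = read_tlv(msg, pos, end)
        if tag != 0x30:
            raise BerError("control is not a SEQUENCE")
        count += 1
    return count

def exceeds_limit(msg, limit=MAX_CONTROLS):
    return count_controls(msg, limit) > limit
```

The walker never copies the message and touches only each control's header, so the check itself stays cheap on a message at the 2 MB BER ceiling.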
EUVD-2026-31079
GHSA-7r3c-wfgh-x96c