Severity by source
CVSS vector (NVD): CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
Description (CVE.org)
A flaw was found in 389 Directory Server. The Content Synchronization persistent search plugin allows unbounded memory growth when an authenticated client stops reading sync responses, enabling denial of service. Additional race conditions in plugin thread lifecycle can cause crashes during connection teardown or shutdown.
Analysis (AI)
Denial of service in Red Hat 389 Directory Server's Content Synchronization persistent search plugin enables authenticated network clients to exhaust server memory by initiating a sync operation and halting consumption of responses, causing unbounded queue growth until the server becomes unavailable. Compounding this, race conditions in the plugin's thread lifecycle management can independently trigger server crashes during connection teardown or graceful shutdown. …
Vulnerability Assessment (AI)
| Aspect | Assessment |
| --- | --- |
| Exploitation | Exploitation of the memory exhaustion path requires: (1) valid LDAP credentials sufficient to bind to the directory server (consistent with CVSS PR:L, low-privilege authenticated access), (2) network connectivity to the LDAP service port (389/636), and (3) the Content Synchronization plugin to be enabled. The plugin is disabled by default in 389 Directory Server and has to be turned on explicitly; it also depends on the Retro Changelog plugin, so a server that has never been configured as a syncrepl provider does not expose this path. … |
| Risk Assessment | The CVSS 3.1 vector AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H scores 6.5 (Medium), which reflects a network-reachable, low-complexity denial of service with no confidentiality or integrity impact. The scope is the whole LDAP service: memory exhaustion or a crash in the plugin takes down every consumer of the directory, not only the offending client. … |
| Exploit Scenario | An attacker with valid LDAP credentials - or an insider with any directory-bound service account - connects to the 389 Directory Server and issues a search carrying the RFC 4533 Sync Request control (OID 1.3.6.1.4.1.4203.1.9.1.1) in refreshAndPersist mode. This is an ordinary LDAP search request, not an extended operation; the server keeps the connection open and pushes every subsequent change as a sync response. The client then deliberately stalls, ceasing to read returned sync entries, while the server keeps queueing responses for it. … |
| Remediation | Monitor Red Hat errata at https://access.redhat.com/security/cve/CVE-2026-11611 and apply the Red Hat-provided update for 389-ds-base or Red Hat Directory Server as soon as it becomes available - no exact fixed version number is confirmed in currently available data. Until then, confirm whether the Content Synchronization plugin is actually in use; where no syncrepl consumer depends on it, disabling the plugin removes the exposed path. … |
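The request in the scenario above is a standard RFC 4533 syncrepl search; the only attacker-controlled aspect is that the client stops reading. As an added example, not taken from this page or from the 389 DS project, the following Python encodes and decodes the Sync Request control value, so a defender can recognise refreshAndPersist requests in a packet capture or in the control list a client library attaches to a search. The control OID, BER tags and mode values are those defined by RFC 4533; the function names and the captured sample value are my own.

```python
"""Added example: encode/decode the RFC 4533 Sync Request control value.

syncRequestValue ::= SEQUENCE {
    mode       ENUMERATED { refreshOnly (1), refreshAndPersist (3) },
    cookie     OCTET STRING OPTIONAL,
    reloadHint BOOLEAN DEFAULT FALSE }
"""

SYNC_REQUEST_OID = "1.3.6.1.4.1.4203.1.9.1.1"  # control OID from RFC 4533
MODE_NAMES = {1: "refreshOnly", 3: "refreshAndPersist"}


def _ber_len(n):
    """BER definite-form length: short form below 0x80, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _read_tlv(buf, pos):
    """Read one BER tag/length/value at pos; return (tag, value, next_pos)."""
    tag = buf[pos]
    first = buf[pos + 1]
    pos += 2
    if first & 0x80:
        nbytes = first & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    else:
        length = first
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length


def encode_sync_request(mode, cookie=None, reload_hint=False):
    """Build the control value a syncrepl consumer sends with its search."""
    if mode not in MODE_NAMES:
        raise ValueError("mode must be 1 (refreshOnly) or 3 (refreshAndPersist)")
    body = b"\x0a\x01" + bytes([mode])               # ENUMERATED mode
    if cookie is not None:
        body += b"\x04" + _ber_len(len(cookie)) + cookie  # OCTET STRING cookie
    if reload_hint:
        body += b"\x01\x01\xff"                       # BOOLEAN TRUE (DEFAULT FALSE is omitted)
    return b"\x30" + _ber_len(len(body)) + body       # outer SEQUENCE


def decode_sync_request(value):
    """Parse a control value; raises ValueError on anything that is not a syncRequestValue."""
    tag, body, end = _read_tlv(value, 0)
    if tag != 0x30 or end != len(value):
        raise ValueError("not a single SEQUENCE")
    tag, raw_mode, pos = _read_tlv(body, 0)
    if tag != 0x0A:
        raise ValueError("first element must be ENUMERATED mode")
    mode = int.from_bytes(raw_mode, "big")
    if mode not in MODE_NAMES:
        raise ValueError("unknown sync mode %d" % mode)
    cookie, reload_hint = None, False
    while pos < len(body):
        tag, v, pos = _read_tlv(body, pos)
        if tag == 0x04:
            cookie = v
        elif tag == 0x01:
            reload_hint = v != b"\x00"
        else:
            raise ValueError("unexpected element tag 0x%02x" % tag)
    return {"mode": MODE_NAMES[mode], "cookie": cookie, "reload_hint": reload_hint}


def is_persistent_sync(value):
    """True when the control asks the server to keep the connection open and push changes."""
    return decode_sync_request(value)["mode"] == "refreshAndPersist"


# Constructed sample: the bytes a refreshAndPersist request with no cookie carries.
SAMPLE_CAPTURED_VALUE = b"\x30\x03\x0a\x01\x03"

if __name__ == "__main__":
    print(SYNC_REQUEST_OID, decode_sync_request(SAMPLE_CAPTURED_VALUE))
```

In a capture, the OID above in the `controls` of a SearchRequest identifies a syncrepl client; the mode inside the value separates a one-shot refreshOnly pull from the long-lived refreshAndPersist session that the description associates with the unbounded queue.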
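Both the exploitation conditions and the interim remediation above turn on one question: is the Content Synchronization plugin enabled on this instance? As an added example, not from this page or from the 389 DS project, the following Python answers that from an LDIF export of the plugin entries under cn=plugins,cn=config (for instance the output of `ldapsearch -LLL -b "cn=plugins,cn=config"` bound as Directory Manager). The DNs and the nsslapd-pluginEnabled attribute are 389 DS's own configuration; the sample LDIF and the function names are constructed for the example.

```python
"""Added example: decide from an LDIF export whether the 389 DS
Content Synchronization plugin (and the Retro Changelog it depends on)
is enabled. Sample LDIF below is constructed, not a real export."""
import base64

CONTENT_SYNC_DN = "cn=Content Synchronization,cn=plugins,cn=config"
RETRO_CHANGELOG_DN = "cn=Retro Changelog Plugin,cn=plugins,cn=config"

# Constructed sample of the two plugin entries as an LDIF export could show them.
SAMPLE_LDIF = """\
dn: cn=Content Synchronization,cn=plugins,cn=config
objectClass: top
objectClass: nsSlapdPlugin
cn: Content Synchronization
nsslapd-pluginPath: libcontentsync-plugin
nsslapd-pluginEnabled: on
nsslapd-pluginDescription:: c3luY3JlcGw=

dn: cn=Retro Changelog Plugin,cn=plugins,cn=config
objectClass: top
objectClass: nsSlapdPlugin
cn: Retro Changelog Plugin
nsslapd-pluginEnabled: on
"""


def parse_ldif(text):
    """Minimal LDIF reader: unfolds continuation lines, decodes '::' base64
    values, splits entries on blank lines. Attribute names are lower-cased
    and each maps to a list of string values."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:      # folded continuation line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, current = [], {}
    for line in lines:
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#"):
            continue
        name, sep, rest = line.partition(":")
        if not sep:
            raise ValueError("malformed LDIF line: %r" % line)
        if rest.startswith(":"):               # base64-encoded value
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        elif rest.startswith("<"):
            raise ValueError("URL-valued attributes are not supported here")
        else:
            value = rest.strip()
        current.setdefault(name.strip().lower(), []).append(value)
    if current:
        entries.append(current)
    return entries


def plugin_enabled(ldif_text, plugin_dn):
    """True/False when the plugin entry is in the export; None when it is absent."""
    for entry in parse_ldif(ldif_text):
        if entry.get("dn", [""])[0].lower() == plugin_dn.lower():
            flag = entry.get("nsslapd-pluginenabled", ["off"])[0].lower()
            return flag == "on"
    return None


def exposure_report(ldif_text):
    """The sync-response path exists only when Content Synchronization is on."""
    sync = plugin_enabled(ldif_text, CONTENT_SYNC_DN)
    retro = plugin_enabled(ldif_text, RETRO_CHANGELOG_DN)
    return {
        "content_sync_enabled": sync,
        "retro_changelog_enabled": retro,
        "sync_path_exposed": sync is True,
    }


if __name__ == "__main__":
    print(exposure_report(SAMPLE_LDIF))
```

Run it against a real export rather than the sample; a report with `sync_path_exposed` false means the conditions in the assessment table are not met on that instance, while a true result on a server with no syncrepl consumers is a candidate for disabling the plugin until the errata ships.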
Related identifiers
EUVD-2026-35129
GHSA-m7g9-hmx3-c8f9