Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS Vector (NVD)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Description (NVD)
A flaw was found in 389 Directory Server. The LDIF parser reads past the end of a heap buffer when processing attribute types with trailing semicolons during database import, causing an out-of-bounds read detectable under memory instrumentation.
Analysis (AI)
Out-of-bounds read in 389 Directory Server's LDIF parser exposes limited heap memory to a highly privileged local attacker during database import operations. Exploitation requires local system access, high attack complexity, and high privileges (administrator-level), producing only minor confidentiality impact with no integrity or availability consequences. …
Vulnerability Assessment (AI)
| Aspect | Assessment |
|---|---|
| Exploitation | Exploitation requires three simultaneous conditions: (1) local system access (AV:L), since remote network triggering is not possible per the CVSS vector; (2) high privileges (PR:H), meaning the attacker must hold administrative credentials sufficient to invoke LDIF database import operations, such as root or the 'cn=Directory Manager' account; (3) high attack complexity (AC:H), since the LDIF input must include attribute types with trailing semicolons and may require additional conditions to produce a meaningful read. … |
| Risk Assessment | The compound signal picture here is unambiguous: this is a genuinely low-risk finding. … |
| Exploit Scenario | A system administrator, or a threat actor who has already achieved root or directory-admin privileges on a Red Hat Enterprise Linux host, crafts a malformed LDIF file containing attribute type descriptors with trailing semicolons, then initiates a database import operation against the 389 Directory Server instance. The LDIF parser reads past the end of a heap buffer, potentially exposing a small amount of adjacent heap memory. … |
| Remediation | No vendor-released patch version is independently confirmed from the available source data; monitor https://access.redhat.com/security/cve/CVE-2026-11786 and https://bugzilla.redhat.com/show_bug.cgi?id=2485426 for fix availability and errata releases. … |
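The input shape the description and exploit scenario single out is an attribute description that ends in a semicolon, i.e. an empty option. As an added example that is neither 389 Directory Server's parser nor the fix for this CVE, the following Python linter checks every attribute description in an LDIF file against the RFC 4512 grammar before the file is handed to an import job, so malformed descriptors are rejected up front rather than reaching the server-side parser; the sample LDIF is constructed.

```python
import re
from typing import Optional

# RFC 4512 attribute description: type [";" option]*; the type is a keystring or a
# numeric OID and every option is a non-empty keystring.
_KEYSTRING = r"[A-Za-z][A-Za-z0-9-]*"
_ATTR_DESC = re.compile(rf"(?:{_KEYSTRING}|[0-9]+(?:\.[0-9]+)*)(?:;{_KEYSTRING})*")

# Constructed sample LDIF; line 4 has the trailing-semicolon shape named in the CVE text.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
cn;lang-en: Alice
cn;lang-fr;: Alice
description:: QSBsb25nIGRlc2NyaXB0aW9u
 IHRoYXQgY29udGludWVz
"""

def check_attribute_description(attr: str) -> Optional[str]:
    """Return None if attr is well-formed, otherwise a short reason."""
    if attr.endswith(";"):
        return "trailing semicolon (empty option)"
    if ";;" in attr:
        return "empty option between semicolons"
    if not _ATTR_DESC.fullmatch(attr):
        return "does not match the RFC 4512 attribute description grammar"
    return None

def lint_ldif(text: str) -> list:
    """Return (line number, descriptor, reason) for each malformed attribute description."""
    # Fold LDIF continuation lines (leading space) into the preceding logical line.
    logical = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        if raw.startswith(" ") and logical:
            first, prev = logical[-1]
            logical[-1] = (first, prev + raw[1:])
        else:
            logical.append((lineno, raw))
    findings = []
    for lineno, line in logical:
        if not line or line.startswith("#"):   # record separator or comment
            continue
        attr, sep, _value = line.partition(":")
        if sep:   # no colon means the line is not "attr: value" (e.g. a "-" separator)
            reason = check_attribute_description(attr)
            if reason:
                findings.append((lineno, attr, reason))
    return findings
```

Running `lint_ldif(SAMPLE_LDIF)` reports line 4 (`cn;lang-fr;`) as a trailing-semicolon descriptor, while the base64 value continued onto line 7 is folded and passes.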
EUVD-2026-35417
GHSA-8969-43cc-8p5h