EUVD-2026-35419
GHSA-wjcg-9hh3-8323
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Lifecycle Timeline
3DescriptionNVD
A flaw was found in 389 Directory Server. The ldap_utf8prev() function reads bytes before the start of a buffer without bounds checking, causing a heap buffer over-read in string filter parsing that may influence internal filter processing behavior.
AnalysisAI
Heap buffer over-read in Red Hat Directory Server's ldap_utf8prev() function exposes LDAP deployments to potential confidentiality, integrity, and availability impact via crafted string filter input. The flaw affects authenticated, network-accessible LDAP servers running Red Hat Directory Server 11, 12, and 13 as well as the 389-ds component shipped across Red Hat Enterprise Linux 6 through 10. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires an authenticated LDAP session - the CVSS vector PR:L confirms low-privilege credentials are sufficient; anonymous binds alone are not enough. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The overall risk is moderate and context-dependent. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker with valid LDAP credentials - such as a low-privileged service account or an internal user in a corporate directory - crafts an LDAP Search Request containing a string filter with a malformed or edge-case UTF-8 sequence designed to position the ldap_utf8prev() pointer at the very start of the heap buffer, causing a backward read beyond the buffer boundary. The over-read bytes influence the filter parsing result, potentially leaking partial heap memory content into filter evaluation logic or producing unexpected search behavior, which the attacker could use to probe directory structure or infer heap layout for further exploitation. … |
| Remediation | The primary remediation is to apply the vendor-released patch from Red Hat once available; monitor https://access.redhat.com/security/cve/CVE-2026-11787 and the associated Bugzilla entry (https://bugzilla.redhat.com/show_bug.cgi?id=2485425) for patch release and exact fixed versions, which are not confirmed in currently available intelligence. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
More from same product – last 7 days
Remote denial of service in 389 Directory Server (Red Hat Directory Server 11/12/13 and Red Hat Enterprise Linux 6 throu
Denial-of-service in Red Hat's 389 Directory Server allows a highly privileged network attacker to crash the LDAP servic
Out-of-bounds read in 389 Directory Server's LDIF parser exposes limited heap memory to a highly privileged local attack
Denial of service in Red Hat 389 Directory Server's Content Synchronization persistent search plugin enables authenticat
Heap buffer overflow in Red Hat 389 Directory Server allows an authenticated Directory Manager or a compromised replicat
Share
External POC / Exploit Code
Leaving vuln.today