Skip to main content

389 Directory Server EUVDEUVD-2026-42042

| CVE-2026-14940 MEDIUM
Heap-based Buffer Overflow (CWE-122)
2026-07-07 redhat GHSA-868f-j5w9-5jgm
5.3
CVSS 3.1 · NVD
Share

Severity by source

Vendor (redhat) PRIMARY
MEDIUM
qualitative
NVD
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
vuln.today AI
5.3 MEDIUM

Network-reachable LDAP with no auth required; impact bounded to partial availability as crash is not guaranteed per description.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
SUSE
MEDIUM
qualitative
Red Hat
5.3 MEDIUM
qualitative

Primary rating from Vendor (redhat).

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low

Lifecycle Timeline

2
Analysis Generated
Jul 07, 2026 - 15:25 vuln.today
CVE Published
Jul 07, 2026 - 13:54 nvd
MEDIUM 5.3

DescriptionNVD

A heap-buffer-overflow flaw was found in 389 Directory Server (389-ds-base). When normalizing a Distinguished Name (DN) that contains a legacy-quoted value encoding a multivalued nested Relative Distinguished Name (RDN), the server can write past the end of a heap allocation while sorting RDN attribute-value pairs. An unauthenticated remote attacker can trigger this condition by sending an LDAP operation whose DN reaches the DN normalization routine, such as a search with a crafted base DN. This can corrupt heap memory and may cause denial of service.

AnalysisAI

Heap-buffer-overflow in 389 Directory Server's DN normalization routine allows an unauthenticated remote attacker to corrupt heap memory and likely crash the LDAP service. The flaw triggers when the server processes an LDAP operation - such as a search request - whose base DN contains a legacy-quoted value encoding a multivalued nested Relative Distinguished Name (RDN), causing an out-of-bounds write during RDN attribute-value pair sorting. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain network access to LDAP port
Delivery
Craft DN with legacy-quoted nested multivalued RDN
Exploit
Send unauthenticated LDAP SearchRequest
Execution
Trigger heap out-of-bounds write in normalization
Persist
Corrupt heap memory
Impact
Crash 389-ds process (DoS)

Vulnerability AssessmentAI

Exploitation The vulnerability is triggered by any LDAP operation whose DN passes through the normalization routine - most directly an LDAP Search with a crafted base DN, but potentially also Bind, Add, Modify, or Delete operations. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 score of 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) reflects moderate severity: the network vector and absence of authentication requirements make exploitation trivially accessible, but the impact is bounded to partial availability degradation. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with network access to the LDAP listener sends an unauthenticated LDAP SearchRequest PDU with a crafted base DN string that encodes a legacy-quoted multivalued nested RDN value. The server's DN normalization routine processes the request, triggering the out-of-bounds heap write during RDN sorting, which corrupts adjacent heap memory and may crash the 389-ds process. …
Remediation Upgrade 389-ds-base to a patched version once Red Hat issues an errata - monitor https://access.redhat.com/security/cve/CVE-2026-14940 and the associated Bugzilla ticket https://bugzilla.redhat.com/show_bug.cgi?id=2497697 for fix availability; no specific patched version number was confirmed in the available intelligence at time of analysis. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-11610 HIGH
8.8 Jul 07

Denial of service in Red Hat / 389 Directory Server (389-ds-base, versions since ~1.3.2/2013) allows an authenticated LD

CVE-2026-11774 HIGH
7.6 Jun 11

Heap buffer overflow in 389 Directory Server (389-ds-base) SASL I/O layer allows authenticated remote attackers to crash

CVE-2026-11788 HIGH
7.5 Jun 09

Remote denial of service in 389 Directory Server (Red Hat Directory Server 11/12/13 and Red Hat Enterprise Linux 6 throu

CVE-2026-11789 MEDIUM
6.5 Jun 09

Denial-of-service in Red Hat's 389 Directory Server allows a highly privileged network attacker to crash the LDAP servic

CVE-2026-11884 MEDIUM
6.5 Jun 10

Heap buffer overflow in Red Hat 389 Directory Server allows an authenticated Directory Manager or a compromised replicat

CVE-2026-11611 MEDIUM
6.5 Jun 08

Denial of service in Red Hat 389 Directory Server's Content Synchronization persistent search plugin enables authenticat

CVE-2026-11786 MEDIUM
6.5 Jun 09

Out-of-bounds read in 389 Directory Server's LDIF parser exposes limited heap memory to a highly privileged local attack

CVE-2026-11787 MEDIUM
6.3 Jun 09

Heap buffer over-read in Red Hat Directory Server's ldap_utf8prev() function exposes LDAP deployments to potential confi

CVE-2026-12528 MEDIUM
5.4 Jun 17

Heap buffer overflow in 389 Directory Server's ACI parsing layer allows an authenticated LDAP user with write access to

CVE-2026-11791 MEDIUM
5.0 Jun 18

Use-after-free in 389 Directory Server's schema reload path crashes the server when administrative schema reloads race a

CVE-2026-11790 MEDIUM
4.9 Jun 09

Uncontrolled CPU consumption in Red Hat 389 Directory Server's PBKDF2-SHA256 password storage plugin allows a highly pri

CVE-2026-11793 MEDIUM
4.9 Jun 09

Stack buffer overflow in 389 Directory Server's pw.c checkPrefix() function allows a network-accessible Directory Manage

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
SUSE Linux Enterprise High Performance Computing 15 SP7 Affected
SUSE Linux Enterprise Module for Server Applications 15 SP7 Affected
SUSE Linux Enterprise Server 15 SP7 Affected
SUSE Linux Enterprise Server 16.0 Affected
SUSE Linux Enterprise Server 16.1 Affected

Share

EUVD-2026-42042 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy