Back to CVE List

CVE-2026-14940

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score
5.3 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Vulnerability Description

A heap-buffer-overflow flaw was found in 389 Directory Server (389-ds-base). When
normalizing a Distinguished Name (DN) that contains a legacy-quoted value encoding a
multivalued nested Relative Distinguished Name (RDN), the server can write past the
end of a heap allocation while sorting RDN attribute-value pairs. An unauthenticated
remote attacker can trigger this condition by sending an LDAP operation whose DN
reaches the DN normalization routine, such as a search with a crafted base DN. This
can corrupt heap memory and may cause denial of service.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-122
Source
NVD
Vendor
Red Hat
Product
Red Hat Directory Server 11, Red Hat Directory Server 12, Red Hat Directory Server 13, Red Hat Enterprise Linux 10, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9

External References

Discussion (0)

Add Comment

No comments yet. Be the first!