Description
A flaw was found in the 389-ds-base server. A heap buffer overflow vulnerability exists in the `schema_attr_enum_callback` function within the `schema.c` file. This occurs because the code incorrectly calculates the buffer size by summing alias string lengths without accounting for additional formatting characters. When a large number of aliases are processed, this oversight can lead to a heap overflow, potentially allowing a remote attacker to cause a Denial of Service (DoS) or achieve Remote Code Execution (RCE).
References (21)
Core 21
Core References
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:5196
https://access.redhat.com/errata/RHSA-2026:5196
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2026:3189
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2026:3208
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2026:3379
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2026:3504
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2026:4207
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:4661
https://access.redhat.com/errata/RHSA-2026:4661
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:4720
https://access.redhat.com/errata/RHSA-2026:4720
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:5511
https://access.redhat.com/errata/RHSA-2026:5511
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:5512
https://access.redhat.com/errata/RHSA-2026:5512
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:5513
https://access.redhat.com/errata/RHSA-2026:5513
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:5514
https://access.redhat.com/errata/RHSA-2026:5514
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:5568
https://access.redhat.com/errata/RHSA-2026:5568
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:5569
https://access.redhat.com/errata/RHSA-2026:5569
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:5576
https://access.redhat.com/errata/RHSA-2026:5576
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:5597
https://access.redhat.com/errata/RHSA-2026:5597
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:5598
https://access.redhat.com/errata/RHSA-2026:5598
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:6220
https://access.redhat.com/errata/RHSA-2026:6220
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:6268
https://access.redhat.com/errata/RHSA-2026:6268
Vendor Advisory vdb-entry
x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2025-14905
Vendor Advisory issue-tracking
x_refsource_redhat
https://bugzilla.redhat.com/show_bug.cgi?id=2423624
Scores
CVSS v3
7.2
EPSS
0.0104
EPSS Percentile
59.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-122
Status
published
Products (29)
Red Hat/Red Hat Directory Server 11
Red Hat/Red Hat Directory Server 11.5 E4S for RHEL 8
8060020260303152239.0ca98e7e
Red Hat/Red Hat Directory Server 11.7 E4S for RHEL 8
8080020260227193008.f969626e
Red Hat/Red Hat Directory Server 11.9 for RHEL 8
8100020260312105752.37ed7c03
Red Hat/Red Hat Directory Server 12
Red Hat/Red Hat Directory Server 12.2 E4S for RHEL 9
9020020260304180546.1674d574
Red Hat/Red Hat Directory Server 12.4 EUS for RHEL 9
9040020260225135630.1674d574
Red Hat/Red Hat Directory Server 13
Red Hat/Red Hat Directory Server 13.1
sha256:5e49efa2b8764403fad13b81c968b76c7b6400fabd83bf95e2f7667b90e93ab5
Red Hat/Red Hat Enterprise Linux 10
0:3.1.3-7.el10_1
... and 19 more
Published
Feb 23, 2026
Tracked Since
Feb 23, 2026