Heap Buffer Overflow in 389 Directory Server by Red Hat
CVE-2026-11610

8.8HIGH

What is CVE-2026-11610?

A heap buffer overflow vulnerability exists in the SASL I/O layer of the 389 Directory Server. This flaw arises when an authenticated attacker sends a specially crafted oversized LDAP UNBIND packet, which can lead to a buffer overflow in the sasl_io_recv() function. The vulnerability allows for up to approximately 2 megabytes of attacker-controlled data to overwrite the buffer, potentially causing a denial of service and crashing the server. This can be exploited over the network by any domain user with a valid Kerberos ticket or an enrolled host/service account following authentication via GSSAPI. The issue remains unaddressed since its introduction in earlier versions of the product.

References

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

This issue was discovered by Ian Murphy (Red Hat).
.