CVE-2025-14905

EPSS 0.25%
Veröffentlicht 23.02.2026 15:41:47
Zuletzt bearbeitet 23.03.2026 01:16:41
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

A flaw was found in the 389-ds-base server. A heap buffer overflow vulnerability exists in the `schema_attr_enum_callback` function within the `schema.c` file. This occurs because the code incorrectly calculates the buffer size by summing alias string lengths without accounting for additional formatting characters. When a large number of aliases are processed, this oversight can lead to a heap overflow, potentially allowing a remote attacker to cause a Denial of Service (DoS) or achieve Remote Code Execution (RCE).

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 13

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerRed Hat

≫

Produkt Red Hat Directory Server 12.4 EUS for RHEL 9

Default Statusaffected

Version < *

Version 9040020260225135630.1674d574

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 10

Default Statusaffected

Version < *

Version 0:3.1.3-7.el10_1

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 10.0 Extended Update Support

Default Statusaffected

Version < *

Version 0:3.0.6-17.el10_0

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8.2 Advanced Update Support

Default Statusaffected

Version < *

Version 8020020260303204738.dbc46ba7

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 9

Default Statusaffected

Version < *

Version 0:2.7.0-10.el9_7

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 9.4 Extended Update Support

Default Statusaffected

Version < *

Version 0:2.4.5-24.el9_4

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 9.6 Extended Update Support

Default Statusaffected

Version < *

Version 0:2.6.1-20.el9_6

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Directory Server 13.1

Default Statusaffected

Version < *

Version sha256:5e49efa2b8764403fad13b81c968b76c7b6400fabd83bf95e2f7667b90e93ab5

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Directory Server 11

Default Statusaffected

HerstellerRed Hat

≫

Produkt Red Hat Directory Server 12

Default Statusaffected

HerstellerRed Hat

≫

Produkt Red Hat Directory Server 13

Default Statusaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 6

Default Statusunknown

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 7

Default Statusaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8

Default Statusaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.25%	0.483

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
secalert@redhat.com	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE-122 Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

https://access.redhat.com/security/cve/CVE-2025-14905

https://bugzilla.redhat.com/show_bug.cgi?id=2423624

https://access.redhat.com/errata/RHSA-2026:3189

https://access.redhat.com/errata/RHSA-2026:3208

https://access.redhat.com/errata/RHSA-2026:3379

https://access.redhat.com/errata/RHSA-2026:3504

https://access.redhat.com/errata/RHSA-2026:4207

https://access.redhat.com/errata/RHSA-2026:4661

https://access.redhat.com/errata/RHSA-2026:4720

https://access.redhat.com/errata/RHSA-2026:5196

https://nvd.nist.gov/vuln/detail/CVE-2025-14905

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-14905

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-14905

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-14905