CVSS 7.2
CVE-2025-14905
- EPSS 0.4%
- Published 23.02.2026 15:41:47
- Last modified 15.04.2026 00:35:42
- Source secalert@redhat.com
389-ds-base: 389-ds-base: remote code execution and denial of service via heap buffer overflow
A flaw was found in the 389-ds-base server. A heap buffer overflow vulnerability exists in the `schema_attr_enum_callback` function within the `schema.c` file. This occurs because the code incorrectly calculates the buffer size by summing alias string lengths without accounting for additional formatting characters. When a large number of aliases are processed, this oversight can lead to a heap overflow, potentially allowing a remote attacker to cause a Denial of Service (DoS) or achieve Remote Code Execution (RCE).
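The description above attributes the overflow to a size calculation that sums the alias string lengths but never reserves the formatting characters emitted around each alias. The C program below is an added illustration of that bug class and is not code from 389-ds-base or Red Hat: it uses a constructed alias-list syntax `( 'alias1' 'alias2' )`, places the defective size computation next to the corrected one, and renders the list through a bounds-checked writer that fails closed when handed the undersized buffer instead of writing past it. The list format, the overhead constants, the sample aliases and every function name here are assumptions of this example, not the actual `schema.c` code.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed illustration of the bug class; not 389-ds-base code. The alias
 * list format and the overhead constants are assumptions for this example. */

/* Assumed output format: ( 'alias1' 'alias2' ... )
 * Each alias costs strlen(alias) plus 3 formatting bytes: opening quote,
 * closing quote, trailing space. The wrapper costs "( " + ")" + NUL = 4. */
#define PER_ALIAS_OVERHEAD 3
#define WRAPPER_OVERHEAD   4

/* Constructed sample input, shared by main() and the tests. */
static const char *const DEMO_ALIASES[] = { "cn", "commonName", "name" };
#define DEMO_N (sizeof DEMO_ALIASES / sizeof DEMO_ALIASES[0])

/* Defective size calculation: only the alias string lengths are summed, so the
 * 3 bytes per alias and the wrapper are never reserved. The shortfall grows
 * with the number of aliases, which is why a large alias count triggers it. */
size_t naive_alias_buf_size(const char *const *aliases, size_t n)
{
    size_t total = 0;
    for (size_t i = 0; i < n; i++)
        total += strlen(aliases[i]);
    return total;
}

/* Corrected calculation: reserve the formatting bytes alongside the content. */
size_t safe_alias_buf_size(const char *const *aliases, size_t n)
{
    size_t total = WRAPPER_OVERHEAD;
    for (size_t i = 0; i < n; i++)
        total += strlen(aliases[i]) + PER_ALIAS_OVERHEAD;
    return total;
}

/* Bounded append: refuses to write when the text plus NUL would not fit.
 * Callers keep *off < bufsize, so the subtraction cannot wrap. */
static int append(char *buf, size_t bufsize, size_t *off, const char *s)
{
    size_t len = strlen(s);
    if (len + 1 > bufsize - *off)
        return -1;
    memcpy(buf + *off, s, len);
    *off += len;
    buf[*off] = '\0';
    return 0;
}

/* Renders the alias list into buf. Returns 0 on success, -1 if bufsize is
 * too small; the bounds check turns an undersized buffer into a clean
 * failure instead of a heap overflow. */
int format_aliases(char *buf, size_t bufsize, const char *const *aliases, size_t n)
{
    size_t off = 0;
    if (bufsize == 0)
        return -1;
    buf[0] = '\0';
    if (append(buf, bufsize, &off, "( ") < 0)
        return -1;
    for (size_t i = 0; i < n; i++) {
        if (append(buf, bufsize, &off, "'") < 0 ||
            append(buf, bufsize, &off, aliases[i]) < 0 ||
            append(buf, bufsize, &off, "' ") < 0)
            return -1;
    }
    return append(buf, bufsize, &off, ")");
}

/* Runs both size calculations against the sample input. Returns 1 when the
 * undersized buffer is rejected and the correctly sized one renders the
 * expected string, 0 otherwise. The buffer is always allocated at the safe
 * size so the undersized attempt never touches memory out of bounds. */
int alias_overflow_demo(void)
{
    size_t bad = naive_alias_buf_size(DEMO_ALIASES, DEMO_N);
    size_t good = safe_alias_buf_size(DEMO_ALIASES, DEMO_N);
    char *buf = malloc(good);
    if (!buf)
        return 0;
    int undersized_rejected = format_aliases(buf, bad, DEMO_ALIASES, DEMO_N) < 0;
    int ok = format_aliases(buf, good, DEMO_ALIASES, DEMO_N) == 0 &&
             strcmp(buf, "( 'cn' 'commonName' 'name' )") == 0;
    free(buf);
    return undersized_rejected && ok;
}

int main(void)
{
    printf("naive size: %zu bytes, correct size: %zu bytes, demo ok: %d\n",
           naive_alias_buf_size(DEMO_ALIASES, DEMO_N),
           safe_alias_buf_size(DEMO_ALIASES, DEMO_N),
           alias_overflow_demo());
    return 0;
}
```

With the three sample aliases the defective computation reserves 16 bytes where 29 are needed; the 13-byte shortfall is 3 bytes per alias plus the 4-byte wrapper, so it scales with the alias count, which matches the description's "large number of aliases" trigger. In a real code base this class of bug is found by building with AddressSanitizer and feeding the formatter long alias lists, and prevented by sizing buffers from the same per-element cost the writer actually emits, or by using a length-checked writer as above.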
Data provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
Affected products (entries with a version are unaffected from that version upward, i.e. version ≤ x < `*`):

| Vendor | Product | Default status | Unaffected from version |
|---|---|---|---|
| Red Hat | Red Hat Directory Server 11.5 E4S for RHEL 8 | affected | 8060020260303152239.0ca98e7e |
| Red Hat | Red Hat Directory Server 11.7 E4S for RHEL 8 | affected | 8080020260227193008.f969626e |
| Red Hat | Red Hat Directory Server 11.9 for RHEL 8 | affected | 8100020260312105752.37ed7c03 |
| Red Hat | Red Hat Directory Server 12.2 E4S for RHEL 9 | affected | 9020020260304180546.1674d574 |
| Red Hat | Red Hat Directory Server 12.4 EUS for RHEL 9 | affected | 9040020260225135630.1674d574 |
| Red Hat | Red Hat Enterprise Linux 10 | affected | 0:3.1.3-7.el10_1 |
| Red Hat | Red Hat Enterprise Linux 10.0 Extended Update Support | affected | 0:3.0.6-17.el10_0 |
| Red Hat | Red Hat Enterprise Linux 7 Extended Lifecycle Support | affected | 0:1.3.11.1-11.el7_9 |
| Red Hat | Red Hat Enterprise Linux 8 | affected | 8100020260312103235.25e700aa |
| Red Hat | Red Hat Enterprise Linux 8.2 Advanced Update Support | affected | 8020020260303204738.dbc46ba7 |
| Red Hat | Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | affected | 8040020260303172348.96015a92 |
| Red Hat | Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On | affected | 8040020260303172348.96015a92 |
| Red Hat | Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | affected | 8060020260303144613.824efc52 |
| Red Hat | Red Hat Enterprise Linux 8.6 Telecommunications Update Service | affected | 8060020260303144613.824efc52 |
| Red Hat | Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions | affected | 8060020260303144613.824efc52 |
| Red Hat | Red Hat Enterprise Linux 8.8 Telecommunications Update Service | affected | 8080020260227183930.6dbb3803 |
| Red Hat | Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions | affected | 8080020260227183930.6dbb3803 |
| Red Hat | Red Hat Enterprise Linux 9 | affected | 0:2.7.0-10.el9_7 |
| Red Hat | Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | affected | 0:2.0.14-5.el9_0 |
| Red Hat | Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions | affected | 0:2.2.4-17.el9_2 |
| Red Hat | Red Hat Enterprise Linux 9.4 Extended Update Support | affected | 0:2.4.5-24.el9_4 |
| Red Hat | Red Hat Enterprise Linux 9.6 Extended Update Support | affected | 0:2.6.1-20.el9_6 |
| Red Hat | Red Hat Directory Server 13.1 | affected | sha256:5e49efa2b8764403fad13b81c968b76c7b6400fabd83bf95e2f7667b90e93ab5 |
| Red Hat | Red Hat Directory Server 12 | affected | (none listed) |
| Red Hat | Red Hat Directory Server 13 | affected | (none listed) |
| Red Hat | Red Hat Enterprise Linux 6 | unknown | (none listed) |
VulnDex Vulnerability Enrichment

| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.4% | 0.608 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| secalert@redhat.com | 7.2 | 1.2 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
CWE-122: Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().