8.8

CVE-2026-11610

389-ds-base: 389-ds-base: heap buffer overflow in sasl_io_recv() via padded sasl unbind

A heap buffer overflow flaw was found in the SASL I/O layer of 389 Directory Server
(389-ds-base). After a successful SASL bind with integrity protection (SSF > 0),
an authenticated attacker can send a specially crafted oversized LDAP UNBIND packet
that is copied into a 512-byte heap receive buffer without a bounds check in
sasl_io_recv() in sasl_io.c. This allows up to approximately 2 megabytes of
attacker-controlled data to overflow the buffer, causing a denial of service (server
crash). In FreeIPA and Red Hat Identity Management deployments, any domain user with
a valid Kerberos ticket, any enrolled host, or any service account can trigger this
vulnerability over the network after authenticating via GSSAPI.
The vulnerable code path has existed since approximately 2013 (389-ds-base 1.3.2) and
was not addressed by the CVE-2025-14905 fix, which patched a separate heap overflow
in schema.c only.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
Hersteller389ds
Produkt 389-ds-base
Default Statusunaffected
Version <= 3.3.0
Version 1.3.2
Status affected
HerstellerRed Hat
Produkt Red Hat Directory Server 11.5 E4S for RHEL 8
Default Statusaffected
Version 8060020260702180044.0ca98e7e
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Directory Server 11.7 E4S for RHEL 8
Default Statusaffected
Version 8080020260702180836.f969626e
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Directory Server 11.9 for RHEL 8
Default Statusaffected
Version 8100020260702145313.37ed7c03
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Directory Server 12.2 E4S for RHEL 9
Default Statusaffected
Version 9020020260703060155.1674d574
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Directory Server 12.4 E4S for RHEL 9
Default Statusaffected
Version 9040020260703055735.1674d574
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 10
Default Statusaffected
Version 0:3.2.0-8.el10_2
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 10.0 Extended Update Support
Default Statusaffected
Version 0:3.0.6-19.el10_0
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 7 Extended Lifecycle Support
Default Statusaffected
Version 0:1.3.11.1-13.el7_9
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8
Default Statusaffected
Version 8100020260626120929.25e700aa
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
Default Statusaffected
Version 8040020260629123121.96015a92
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On
Default Statusaffected
Version 8040020260629123121.96015a92
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
Default Statusaffected
Version 8060020260626130540.824efc52
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On
Default Statusaffected
Version 8060020260626130540.824efc52
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.8 Telecommunications Update Service
Default Statusaffected
Version 8080020260630025241.6dbb3803
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
Default Statusaffected
Version 8080020260630025241.6dbb3803
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 9
Default Statusaffected
Version 0:2.8.0-8.el9_8
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions
Default Statusaffected
Version 0:2.2.4-19.el9_2
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions
Default Statusaffected
Version 0:2.4.5-26.el9_4
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 9.6 Extended Update Support
Default Statusaffected
Version 0:2.6.1-22.el9_6
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Directory Server 13.2
Default Statusaffected
Version 1783452100
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Directory Server 12
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat Directory Server 13
Default Statusunaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 6
Default Statusaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.63% 0.457
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
secalert@redhat.com 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-122 Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

https://bugzilla.redhat.com/show_bug.cgi?id=2484414
https://access.redhat.com/errata/RHSA-2026:36197
https://access.redhat.com/errata/RHSA-2026:36198
https://access.redhat.com/errata/RHSA-2026:36204
https://access.redhat.com/errata/RHSA-2026:36208
https://access.redhat.com/security/cve/CVE-2026-11610
https://access.redhat.com/errata/RHSA-2026:36201
https://access.redhat.com/errata/RHSA-2026:36202
https://access.redhat.com/errata/RHSA-2026:36205
https://access.redhat.com/errata/RHSA-2026:36206
https://access.redhat.com/errata/RHSA-2026:36195
https://access.redhat.com/errata/RHSA-2026:36196
https://access.redhat.com/errata/RHSA-2026:36200
https://access.redhat.com/errata/RHSA-2026:36209
https://access.redhat.com/errata/RHSA-2026:36585
https://access.redhat.com/errata/RHSA-2026:36660
https://access.redhat.com/errata/RHSA-2026:36641
https://access.redhat.com/errata/RHSA-2026:36670
https://access.redhat.com/errata/RHSA-2026:36671