8.8
CVE-2026-11610
- EPSS 0.63%
- Veröffentlicht 07.07.2026 09:17:36
- Zuletzt bearbeitet 08.07.2026 21:16:46
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
389-ds-base: 389-ds-base: heap buffer overflow in sasl_io_recv() via padded sasl unbind
A heap buffer overflow flaw was found in the SASL I/O layer of 389 Directory Server (389-ds-base). After a successful SASL bind with integrity protection (SSF > 0), an authenticated attacker can send a specially crafted oversized LDAP UNBIND packet that is copied into a 512-byte heap receive buffer without a bounds check in sasl_io_recv() in sasl_io.c. This allows up to approximately 2 megabytes of attacker-controlled data to overflow the buffer, causing a denial of service (server crash). In FreeIPA and Red Hat Identity Management deployments, any domain user with a valid Kerberos ticket, any enrolled host, or any service account can trigger this vulnerability over the network after authenticating via GSSAPI. The vulnerable code path has existed since approximately 2013 (389-ds-base 1.3.2) and was not addressed by the CVE-2025-14905 fix, which patched a separate heap overflow in schema.c only.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
Hersteller389ds
≫
Produkt
389-ds-base
Default Statusunaffected
Version <=
3.3.0
Version
1.3.2
Status
affected
HerstellerRed Hat
≫
Produkt
Red Hat Directory Server 11.5 E4S for RHEL 8
Default Statusaffected
Version
8060020260702180044.0ca98e7e
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Directory Server 11.7 E4S for RHEL 8
Default Statusaffected
Version
8080020260702180836.f969626e
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Directory Server 11.9 for RHEL 8
Default Statusaffected
Version
8100020260702145313.37ed7c03
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Directory Server 12.2 E4S for RHEL 9
Default Statusaffected
Version
9020020260703060155.1674d574
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Directory Server 12.4 E4S for RHEL 9
Default Statusaffected
Version
9040020260703055735.1674d574
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 10
Default Statusaffected
Version
0:3.2.0-8.el10_2
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 10.0 Extended Update Support
Default Statusaffected
Version
0:3.0.6-19.el10_0
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 7 Extended Lifecycle Support
Default Statusaffected
Version
0:1.3.11.1-13.el7_9
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 8
Default Statusaffected
Version
8100020260626120929.25e700aa
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
Default Statusaffected
Version
8040020260629123121.96015a92
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On
Default Statusaffected
Version
8040020260629123121.96015a92
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
Default Statusaffected
Version
8060020260626130540.824efc52
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On
Default Statusaffected
Version
8060020260626130540.824efc52
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 8.8 Telecommunications Update Service
Default Statusaffected
Version
8080020260630025241.6dbb3803
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
Default Statusaffected
Version
8080020260630025241.6dbb3803
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 9
Default Statusaffected
Version
0:2.8.0-8.el9_8
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions
Default Statusaffected
Version
0:2.2.4-19.el9_2
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions
Default Statusaffected
Version
0:2.4.5-26.el9_4
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 9.6 Extended Update Support
Default Statusaffected
Version
0:2.6.1-22.el9_6
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Directory Server 13.2
Default Statusaffected
Version
1783452100
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Directory Server 12
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat Directory Server 13
Default Statusunaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 6
Default Statusaffected
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.63% | 0.457 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| secalert@redhat.com | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-122 Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
https://bugzilla.redhat.com/show_bug.cgi?id=2484414
https://access.redhat.com/errata/RHSA-2026:36197
https://access.redhat.com/errata/RHSA-2026:36198
https://access.redhat.com/errata/RHSA-2026:36204
https://access.redhat.com/errata/RHSA-2026:36208
https://access.redhat.com/security/cve/CVE-2026-11610
https://access.redhat.com/errata/RHSA-2026:36201
https://access.redhat.com/errata/RHSA-2026:36202
https://access.redhat.com/errata/RHSA-2026:36205
https://access.redhat.com/errata/RHSA-2026:36206
https://access.redhat.com/errata/RHSA-2026:36195
https://access.redhat.com/errata/RHSA-2026:36196
https://access.redhat.com/errata/RHSA-2026:36200
https://access.redhat.com/errata/RHSA-2026:36209
https://access.redhat.com/errata/RHSA-2026:36585
https://access.redhat.com/errata/RHSA-2026:36660
https://access.redhat.com/errata/RHSA-2026:36641
https://access.redhat.com/errata/RHSA-2026:36670
https://access.redhat.com/errata/RHSA-2026:36671