7.6
CVE-2026-11774
- EPSS 0.67%
- Veröffentlicht 11.06.2026 17:54:34
- Zuletzt bearbeitet 09.07.2026 13:16:46
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
389-ds-base: 389-ds-base: integer overflow in sasl packet length bypasses size limit leading to heap buffer overflow
An integer overflow flaw was found in the SASL I/O layer of 389 Directory Server (389-ds-base). In sasl_io_start_packet(), adding sizeof(uint32_t) to a crafted SASL packet length prefix of 0xFFFFFFFC causes unsigned wraparound to zero, bypassing the nsslapd-maxsasliosize limit and leading to a heap buffer overflow of up to approximately 2 megabytes of attacker-controlled data. After a successful SASL bind with integrity protection (SSF > 0), a remote attacker can cause a Denial of Service (DoS) or achieve Remote Code Execution (RCE). In FreeIPA and Red Hat Identity Management deployments, any domain user with a valid Kerberos ticket, enrolled host, or service account can trigger this vulnerability over the network. This flaw is independent of CVE-2025-14905, which patched schema.c only and did not modify sasl_io.c.
Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux Server (v. 7 ELS)
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux Server Optional (v. 7 ELS)
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat Directory Server 11.9 for RHEL 8
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux AppStream EUS (v. 10.0)
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux AppStream (v. 10)
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux AppStream (v. 8)
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux AppStream AUS (v.8.4)
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux AppStream AUS (v.8.6)
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux AppStream E4S (v.8.8)
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux AppStream TUS (v.8.8)
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux AppStream E4S (v.9.2)
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux AppStream E4S (v.9.4)
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux AppStream EUS (v.9.6)
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux AppStream (v. 9)
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat Directory Server 11.5 E4S for RHEL 8
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat Directory Server 11.7 E4S for RHEL 8
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat Directory Server 12.2 E4S for RHEL 9
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat Directory Server 12.4 E4S for RHEL 9
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat CodeReady Linux Builder EUS (v.9.6)
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat Directory Server 13.2
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat Directory Server 12
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat Directory Server 13
Default Statusunaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 6
Default Statusunaffected
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.67% | 0.475 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| secalert@redhat.com | 7.6 | 2.8 | 4.7 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
|
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | 7.6 | 2.8 | 4.7 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
|
CWE-190 Integer Overflow or Wraparound
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
https://bugzilla.redhat.com/show_bug.cgi?id=2484916
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-11774.json
https://access.redhat.com/errata/RHSA-2026:36197
https://access.redhat.com/errata/RHSA-2026:36198
https://access.redhat.com/errata/RHSA-2026:36204
https://access.redhat.com/errata/RHSA-2026:36208
https://access.redhat.com/security/cve/CVE-2026-11774
https://access.redhat.com/errata/RHSA-2026:36201
https://access.redhat.com/errata/RHSA-2026:36202
https://access.redhat.com/errata/RHSA-2026:36205
https://access.redhat.com/errata/RHSA-2026:36206
https://access.redhat.com/errata/RHSA-2026:36195
https://access.redhat.com/errata/RHSA-2026:36196
https://access.redhat.com/errata/RHSA-2026:36200
https://access.redhat.com/errata/RHSA-2026:36209
https://access.redhat.com/errata/RHSA-2026:36585
https://access.redhat.com/errata/RHSA-2026:36660
https://access.redhat.com/errata/RHSA-2026:36641
https://access.redhat.com/errata/RHSA-2026:36670
https://access.redhat.com/errata/RHSA-2026:36671