4.3

CVE-2026-11785

389-ds-base: 389-ds-base: partial stack address information leak via ber_printf type confusion in sso token handler

A flaw was found in 389 Directory Server. A type confusion in the SSO token extended operation handler causes partial stack address information to be disclosed in LDAP responses to authenticated users.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RedhatDirectory Server Version12.0
RedhatDirectory Server Version13.0
RedhatEnterprise Linux Version9.0
RedhatEnterprise Linux Version10.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.18% 0.077
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
secalert@redhat.com 4.3 2.8 1.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')

The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

https://access.redhat.com/security/cve/CVE-2026-11785
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2485427
Vendor Advisory
Issue Tracking