7.5
CVE-2026-9064
- EPSS 0.82%
- Veröffentlicht 20.05.2026 09:00:42
- Zuletzt bearbeitet 30.06.2026 03:21:45
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
389-ds-base: 389-ds-base: unbounded ldap controls count in get_ldapmessage_controls_ext() causes cpu and heap amplification (remote dos)
A flaw was found in 389-ds-base. The get_ldapmessage_controls_ext() function in the LDAP server does not enforce an upper bound on the number of controls per LDAP message. A remote, unauthenticated attacker can send a specially crafted LDAP request containing hundreds of thousands of minimal controls within the default maximum BER message size (2 MB), causing excessive CPU consumption and heap allocation on the server. Under concurrent exploitation, this leads to significant latency degradation, worker thread starvation, or out-of-memory termination, resulting in a denial of service.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Redhat ≫ Directory Server Version11.0
Redhat ≫ Directory Server Version12.0
Redhat ≫ Directory Server Version13.0
Redhat ≫ 389 Directory Server Version-
Redhat ≫ Enterprise Linux Version6.0
Redhat ≫ Enterprise Linux Version7.0
Redhat ≫ Enterprise Linux Version8.0
Redhat ≫ Enterprise Linux Version9.0
Redhat ≫ Enterprise Linux Version10.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.82% | 0.522 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| secalert@redhat.com | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
CWE-770 Allocation of Resources Without Limits or Throttling
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.
https://access.redhat.com/security/cve/CVE-2026-9064
https://bugzilla.redhat.com/show_bug.cgi?id=2480093
https://access.redhat.com/errata/RHSA-2026:26452
https://access.redhat.com/errata/RHSA-2026:26453
https://access.redhat.com/errata/RHSA-2026:26454
https://access.redhat.com/errata/RHSA-2026:26455
https://access.redhat.com/errata/RHSA-2026:26456
https://access.redhat.com/errata/RHSA-2026:26457
https://access.redhat.com/errata/RHSA-2026:26458
https://access.redhat.com/errata/RHSA-2026:26459
https://access.redhat.com/errata/RHSA-2026:26460
https://access.redhat.com/errata/RHSA-2026:26461
https://access.redhat.com/errata/RHSA-2026:26463
https://access.redhat.com/errata/RHSA-2026:26464
https://access.redhat.com/errata/RHSA-2026:26465
https://access.redhat.com/errata/RHSA-2026:26597
https://access.redhat.com/errata/RHSA-2026:26599
https://access.redhat.com/errata/RHSA-2026:26639
https://access.redhat.com/errata/RHSA-2026:27125
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-9064.json