CVE-2026-11610
- EPSS 0.63%
- Veröffentlicht 07.07.2026 09:17:36
- Zuletzt bearbeitet 08.07.2026 21:16:46
A heap buffer overflow flaw was found in the SASL I/O layer of 389 Directory Server (389-ds-base). After a successful SASL bind with integrity protection (SSF > 0), an authenticated attacker can send a specially crafted oversized LDAP UNBIND packet t...
- EPSS 0.21%
- Veröffentlicht 18.06.2026 14:44:32
- Zuletzt bearbeitet 30.06.2026 11:16:28
A flaw was found in 389 Directory Server. During schema reload, the attr_syntax_swap_ht() function unconditionally frees attribute syntax information nodes, bypassing the refcount-based deferred deletion used elsewhere in the attribute syntax subsyst...
CVE-2026-12528
- EPSS 0.23%
- Veröffentlicht 17.06.2026 14:27:27
- Zuletzt bearbeitet 28.06.2026 00:22:17
A flaw was found in 389 Directory Server in the __aclp__normalize_acltxt() function of aclparse.c. A malformed ACI (Access Control Instruction) string can trigger heap-buffer-overflow writes and reads during ACI parsing. The function fails to validat...
CVE-2026-11774
- EPSS 0.67%
- Veröffentlicht 11.06.2026 17:54:34
- Zuletzt bearbeitet 09.07.2026 13:16:46
An integer overflow flaw was found in the SASL I/O layer of 389 Directory Server (389-ds-base). In sasl_io_start_packet(), adding sizeof(uint32_t) to a crafted SASL packet length prefix of 0xFFFFFFFC causes unsigned wraparound to zero, bypassing the ...
CVE-2026-11790
- EPSS 0.29%
- Veröffentlicht 09.06.2026 13:09:29
- Zuletzt bearbeitet 30.06.2026 14:16:25
A flaw was found in 389 Directory Server. The PBKDF2-SHA256 password storage plugin does not enforce an upper bound on the iteration count extracted from stored password hashes. A privileged attacker who can modify a user's password hash can cause ex...
CVE-2026-11789
- EPSS 0.28%
- Veröffentlicht 09.06.2026 13:02:59
- Zuletzt bearbeitet 30.06.2026 14:16:25
A flaw was found in 389 Directory Server. The SMD5 password storage plugin performs unsigned integer underflow when computing salt length from a crafted password hash shorter than 16 bytes, causing a buffer over-read that crashes the LDAP server duri...
CVE-2026-11788
- EPSS 0.35%
- Veröffentlicht 09.06.2026 13:02:53
- Zuletzt bearbeitet 30.06.2026 09:16:24
A flaw was found in 389 Directory Server. The dereference control plugin does not check for allocation failure before using a BER structure, allowing an unauthenticated remote attacker to crash the LDAP server when the system is under memory pressure...
CVE-2026-11787
- EPSS 0.18%
- Veröffentlicht 09.06.2026 13:02:53
- Zuletzt bearbeitet 30.06.2026 09:16:24
A flaw was found in 389 Directory Server. The ldap_utf8prev() function reads bytes before the start of a buffer without bounds checking, causing a heap buffer over-read in string filter parsing that may influence internal filter processing behavior.
CVE-2026-11785
- EPSS 0.18%
- Veröffentlicht 09.06.2026 12:57:59
- Zuletzt bearbeitet 30.06.2026 09:16:23
A flaw was found in 389 Directory Server. A type confusion in the SSO token extended operation handler causes partial stack address information to be disclosed in LDAP responses to authenticated users.
CVE-2026-11786
- EPSS 0.16%
- Veröffentlicht 09.06.2026 12:57:59
- Zuletzt bearbeitet 30.06.2026 09:16:23
A flaw was found in 389 Directory Server. The LDIF parser reads past the end of a heap buffer when processing attribute types with trailing semicolons during database import, causing an out-of-bounds read detectable under memory instrumentation.