CVE-2026-11788 PUBLISHED

389-ds-base: 389-ds-base: null pointer dereference in deref control plugin ber parser

Assigner: redhat
Reserved: 09.06.2026 Published: 09.06.2026 Updated: 09.06.2026

A flaw was found in 389 Directory Server. The dereference control plugin does not check for allocation failure before using a BER structure, allowing an unauthenticated remote attacker to crash the LDAP server when the system is under memory pressure.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS Score: 5.9

Attack Vector	Network	Scope	Unchanged
Attack Complexity	High	Confidentiality Impact	None
Privileges Required	None	Integrity Impact	None
User Interaction	None	Availability Impact	High

CVSS 3.1

Product Status

Vendor	Red Hat
Product	Red Hat Directory Server 11
Versions	Default: affected

Vendor	Red Hat
Product	Red Hat Directory Server 12
Versions	Default: affected

Vendor	Red Hat
Product	Red Hat Directory Server 13
Versions	Default: affected

Vendor	Red Hat
Product	Red Hat Enterprise Linux 10
Versions	Default: affected

Vendor	Red Hat
Product	Red Hat Enterprise Linux 6
Versions	Default: unknown

Vendor	Red Hat
Product	Red Hat Enterprise Linux 7
Versions	Default: affected

Vendor	Red Hat
Product	Red Hat Enterprise Linux 8
Versions	Default: affected

Vendor	Red Hat
Product	Red Hat Enterprise Linux 9
Versions	Default: affected

Workarounds

Disable the deref plugin (most effective): dsconf <instance> plugin deref disable; systemctl restart dirsrv@<instance>. Disable anonymous access (nsslapd-allow-anonymous-access=off) to raise the bar from pre-auth to authenticated exploitation. Configure memory limits as defense-in-depth: set nsslapd-maxbersize and nsslapd-conntablesize, and deploy in a cgroup with memory limits.

References

Problem Types

NULL Pointer Dereference CWE