CVE-2026-11792 PUBLISHED

389-ds-base: 389-ds-base: heap buffer overflow in audit log password masking (create_masked_entry_string)

Assigner: redhat
Reserved: 09.06.2026 Published: 09.06.2026 Updated: 09.06.2026

A heap buffer overflow flaw was found in 389 Directory Server. When audit logging is enabled, the create_masked_entry_string() function in auditlog.c copies a fixed-length password mask into a precisely-sized heap buffer without checking available space. If a short cleartext password is logged (requiring non-default CLEAR password storage or a compromised replication peer), the copy overflows the buffer, corrupting heap memory and audit log output.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:L
CVSS Score: 3.3

Attack Vector	Network	Scope	Unchanged
Attack Complexity	High	Confidentiality Impact	None
Privileges Required	High	Integrity Impact	Low
User Interaction	None	Availability Impact	Low

CVSS 3.1

Product Status

Vendor	Red Hat
Product	Red Hat Directory Server 11
Versions	Default: unaffected

Vendor	Red Hat
Product	Red Hat Directory Server 12
Versions	Default: affected

Vendor	Red Hat
Product	Red Hat Directory Server 13
Versions	Default: affected

Vendor	Red Hat
Product	Red Hat Enterprise Linux 10
Versions	Default: affected

Vendor	Red Hat
Product	Red Hat Enterprise Linux 6
Versions	Default: unaffected

Vendor	Red Hat
Product	Red Hat Enterprise Linux 7
Versions	Default: unaffected

Vendor	Red Hat
Product	Red Hat Enterprise Linux 8
Versions	Default: unaffected

Vendor	Red Hat
Product	Red Hat Enterprise Linux 9
Versions	Default: affected

Workarounds

Do not use passwordStorageScheme=CLEAR (default PBKDF2-SHA512 produces hashes longer than 23 bytes). Disable audit logging if not required. Monitor replication agreements for unauthorized peers.

References

Problem Types

Heap-based Buffer Overflow CWE