CVE-2026-14940 PUBLISHED

389-ds-base: 389-ds-base: heap-buffer-overflow in dn normalization via quoted multivalued rdn

Assigner: redhat
Reserved: 07.07.2026 Published: 07.07.2026 Updated: 07.07.2026

A heap-buffer-overflow flaw was found in 389 Directory Server (389-ds-base). When normalizing a Distinguished Name (DN) that contains a legacy-quoted value encoding a multivalued nested Relative Distinguished Name (RDN), the server can write past the end of a heap allocation while sorting RDN attribute-value pairs. An unauthenticated remote attacker can trigger this condition by sending an LDAP operation whose DN reaches the DN normalization routine, such as a search with a crafted base DN. This can corrupt heap memory and may cause denial of service.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVSS Score: 5.3

Product Status

Vendor Red Hat
Product Red Hat Directory Server 11
Versions Default: affected
Vendor Red Hat
Product Red Hat Directory Server 12
Versions Default: affected
Vendor Red Hat
Product Red Hat Directory Server 13
Versions Default: affected
Vendor Red Hat
Product Red Hat Enterprise Linux 10
Versions Default: affected
Vendor Red Hat
Product Red Hat Enterprise Linux 6
Versions Default: unknown
Vendor Red Hat
Product Red Hat Enterprise Linux 7
Versions Default: affected
Vendor Red Hat
Product Red Hat Enterprise Linux 8
Versions Default: affected
Vendor Red Hat
Product Red Hat Enterprise Linux 9
Versions Default: affected

Workarounds

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Credits

  • Red Hat would like to thank Denis Rastyogin (ALT Linux) for reporting this issue.

References

Problem Types

  • Heap-based Buffer Overflow CWE