Description
A flaw was found in 389 Directory Server. The Content Synchronization persistent search plugin allows unbounded memory growth when an authenticated client stops reading sync responses, enabling denial of service. Additional race conditions in plugin thread lifecycle can cause crashes during connection teardown or shutdown.
Published: 2026-06-08
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in the Content Synchronization persistent search plugin of 389 Directory Server. An authenticated client that stops consuming sync responses can cause the plugin to allocate memory without bound, leading to denial of service. Separately, race conditions in the plugin's thread lifecycle can cause crashes during connection teardown or server shutdown, further disrupting availability. The weakness is catalogued as CWE-400 (uncontrolled resource consumption).

Affected Systems

Red Hat Directory Server versions 11, 12, and 13, as well as Red Hat Enterprise Linux releases 6 through 10, are affected. The flaw impacts systems where the Content Synchronization plugin is enabled and accessed by authenticated clients.

Risk and Exploitability

The CVSS score of 6.5 classifies the defect as medium severity; the EPSS score is not available, indicating no current exploitation data. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires authentication against the Directory Server, so the threat model is an attacker with valid credentials who abuses the plugin to exhaust memory or force crashes. If exploited, the server becomes unavailable to legitimate clients until it is restarted or the stalled connections are cleaned up manually.

Generated by OpenCVE AI on June 8, 2026 at 18:24 UTC.

Remediation

Vendor Workaround

Bug 1 (Queue DoS): Reduce SYNC_MAX_CONCURRENT from the default of 10 to minimize the number of clients that can accumulate queues. Apply network-level rate limiting on persistent sync search requests. Monitor client connections and terminate stalled sync clients that stop reading for an extended period. Set system-level memory limits (e.g., LimitAS= in the systemd unit file or cgroup memory limits) to prevent unbounded memory growth. Bugs 2 and 3: No workaround available — these are code-level race conditions that require source fixes.
OpenCVE Recommended Actions

  • Configure SYNC_MAX_CONCURRENT to a lower value than the default of 10 to limit the number of queued sync requests per client.
  • Implement network-level rate limiting on persistent sync search requests to prevent a single client from flooding the server.
  • Set system-level memory limits such as LimitAS in the systemd unit or cgroup memory restrictions to cap unbounded memory growth.
  • Actively monitor sync client connections and terminate any that remain stalled or cease reading for an extended period.
  • Apply any official vendor patch or update when it becomes available to resolve the underlying race conditions and memory growth.
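The memory-limit workaround described above, written out as a systemd drop-in. This is an added illustration, not configuration from the advisory or the 389-ds project; it assumes the usual dirsrv@<instance>.service unit name, and the sizes are placeholders to be tuned to the deployment's real working set.

```ini
# /etc/systemd/system/dirsrv@.service.d/50-memory-limit.conf
# Added example (not from the advisory). The instance name in
# dirsrv@<instance>.service and the sizes below are placeholders.
[Service]
# Hard cgroup memory ceiling for the ns-slapd process tree. If stalled
# sync queues push resident memory past this, the kernel OOM-kills the
# instance (systemd restarts it if Restart= is set) instead of letting
# it exhaust the host. Setting MemoryMax= implies MemoryAccounting=yes.
MemoryMax=4G
# Soft ceiling: reclaim is throttled above this value, which gives
# monitoring a chance to alert before MemoryMax= is reached.
MemoryHigh=3G
# RLIMIT_AS alternative named in the workaround. It caps virtual address
# space, not resident memory; thread stacks and database mappings in
# ns-slapd consume address space without being resident, so either set
# it well above the expected working set or prefer MemoryMax= where
# cgroup memory accounting is available.
#LimitAS=8G
```

Apply with `systemctl daemon-reload && systemctl restart dirsrv@<instance>` and confirm with `systemctl show dirsrv@<instance> -p MemoryMax -p MemoryHigh`.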

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 15:30:00 +0000

Type       Values Removed   Values Added
Metrics                     ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 09 Jun 2026 09:15:00 +0000

Type                  Values Removed   Values Added
First Time appeared                    Redhat redhat Directory Server
Vendors & Products                     Redhat redhat Directory Server

Mon, 08 Jun 2026 17:00:00 +0000

Type                  Values Removed   Values Added
Description                            A flaw was found in 389 Directory Server. The Content Synchronization persistent search plugin allows unbounded memory growth when an authenticated client stops reading sync responses, enabling denial of service. Additional race conditions in plugin thread lifecycle can cause crashes during connection teardown or shutdown.
Title                                  389-ds-base: 389-ds-base: content sync plugin unbounded queue growth and race conditions
First Time appeared                    Redhat
                                       Redhat directory Server
                                       Redhat enterprise Linux
Weaknesses                             CWE-400
CPEs                                   cpe:/a:redhat:directory_server:11
                                       cpe:/a:redhat:directory_server:12
                                       cpe:/a:redhat:directory_server:13
                                       cpe:/o:redhat:enterprise_linux:10
                                       cpe:/o:redhat:enterprise_linux:6
                                       cpe:/o:redhat:enterprise_linux:7
                                       cpe:/o:redhat:enterprise_linux:8
                                       cpe:/o:redhat:enterprise_linux:9
Vendors & Products                     Redhat
                                       Redhat directory Server
                                       Redhat enterprise Linux
References
Metrics                                cvssV3_1 {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-06-09T14:35:36.842Z

Reserved: 2026-06-08T16:14:20.086Z

Link: CVE-2026-11611

Vulnrichment

Updated: 2026-06-09T14:29:02.824Z

NVD

Status : Awaiting Analysis

Published: 2026-06-08T17:16:40.930

Modified: 2026-06-09T02:08:28.150

Link: CVE-2026-11611

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-09T08:56:56Z

Weaknesses