Description
A flaw was found in 389 Directory Server. The LDIF parser reads past the end of a heap buffer when processing attribute types with trailing semicolons during database import, causing an out-of-bounds read detectable under memory instrumentation.
Published: 2026-06-09
Score: 1.9 Low
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in the LDIF parser of 389 Directory Server causes an out-of-bounds read when attribute types contain trailing semicolons during database import. This defect, identified as CWE‑125, allows the parser to read beyond the bounds of a heap buffer. The out-of-bounds read could potentially expose arbitrary memory contents, but the description does not confirm that sensitive data is always revealed.

Affected Systems

The vulnerability affects Red Hat Directory Server versions 11 through 13 and the Red Hat Enterprise Linux distributions 6 through 10. All packages that include the 389‑ds‑base component in those releases are potentially vulnerable.

Risk and Exploitability

The CVSS score of 1.9 indicates low severity, and no EPSS score is available. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is through submission of a crafted LDIF file for import, inferred from the description of the flaw during database import. The defect does not enable remote code execution or privilege escalation; it primarily permits a low‑impact data read.

Generated by OpenCVE AI on June 9, 2026 at 15:22 UTC.

Remediation

Vendor Workaround

Validate LDIF files for malformed attribute types before importing. Reject any LDIF entry containing attribute types with trailing semicolons (e.g., userCertificate;binary;). Pre-import validation: grep -nE '^[a-zA-Z][a-zA-Z0-9-]*;[^:]*;:' input.ldif && echo "REJECT: trailing semicolon in attribute type". This does not protect against the replication changelog path (corrupted stored data), but that path requires pre-existing database corruption, not external input.

OpenCVE Recommended Actions

  • Pre‑validate LDIF files and reject any entries that contain attribute types with trailing semicolons before import.
  • Restrict the LDIF import functionality to trusted administrators only to limit the opportunity for malicious input.
  • Monitor Directory Server logs and memory usage for abnormal patterns or memory‑instrumentation alerts that may indicate exploitation attempts.

Generated by OpenCVE AI on June 9, 2026 at 15:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat redhat Directory Server
Vendors & Products Redhat redhat Directory Server

Tue, 09 Jun 2026 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 09 Jun 2026 13:30:00 +0000

Type Values Removed Values Added
Description A flaw was found in 389 Directory Server. The LDIF parser reads past the end of a heap buffer when processing attribute types with trailing semicolons during database import, causing an out-of-bounds read detectable under memory instrumentation.
Title 389-ds-base: 389-ds-base: heap out-of-bounds read in ldif parser str2entry_state_information_from_type()
First Time appeared Redhat
Redhat directory Server
Redhat enterprise Linux
Weaknesses CWE-125
CPEs cpe:/a:redhat:directory_server:11
cpe:/a:redhat:directory_server:12
cpe:/a:redhat:directory_server:13
cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat directory Server
Redhat enterprise Linux
References
Metrics cvssV3_1

{'score': 1.9, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N'}

Subscriptions

Redhat Directory Server Enterprise Linux Redhat Directory Server
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-06-09T13:38:21.833Z

Reserved: 2026-06-09T12:54:20.303Z

Link: CVE-2026-11786

cve-icon Vulnrichment

Updated: 2026-06-09T13:38:02.611Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-09T14:16:36.630

Modified: 2026-06-09T14:42:21.530

Link: CVE-2026-11786

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-09T20:20:46Z

Weaknesses