Description
A flaw was found in 389 Directory Server. The dereference control plugin does not check for allocation failure before using a BER structure, allowing an unauthenticated remote attacker to crash the LDAP server when the system is under memory pressure.
Published: 2026-06-09
Score: 5.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A null pointer dereference occurs in the deref control plugin’s BER parser in 389 Directory Server when the server is under memory pressure. The plugin does not verify that a BER structure is successfully allocated before use, which allows a remote attacker to send crafted LDAP requests and crash the server, causing a denial of service. The weakness is identified as a null pointer dereference (CWE-476) and affects availability with no direct impact on confidentiality or integrity.

Affected Systems

Red Hat Directory Server versions 11 through 13 and all Red Hat Enterprise Linux distributions from 6 to 10 are impacted, since the vulnerable component is bundled within these products. The LDAP server component is the primary target of exploitation.

Risk and Exploitability

The vulnerability has a CVSS score of 5.9, indicating moderate risk. Its EPSS score is below 1% (very low), and there is no current evidence of widespread exploitation; the flaw is not listed in CISA’s KEV catalog. Attackers can exploit the weakness remotely without authentication; the attack vector is likely an unauthenticated LDAP request that triggers the pointer dereference while the server is under memory pressure. While the vulnerability is not high severity, it can disrupt service availability on affected systems.

Generated by OpenCVE AI on June 9, 2026 at 14:52 UTC.

Remediation

Vendor Workaround

Disable the deref plugin (most effective): dsconf <instance> plugin deref disable; systemctl restart dirsrv@<instance>. Disable anonymous access (nsslapd-allow-anonymous-access=off) to raise the bar from pre-auth to authenticated exploitation. Configure memory limits as defense-in-depth: set nsslapd-maxbersize and nsslapd-conntablesize, and deploy in a cgroup with memory limits.


OpenCVE Recommended Actions

  • Disable the deref plugin: run dsconf <instance> plugin deref disable and restart the server with systemctl restart dirsrv@<instance>
  • Disable anonymous LDAP access by setting nsslapd-allow-anonymous-access=off, so that triggering the crash requires an authenticated bind rather than an anonymous connection
  • Configure server memory limits: set nsslapd-maxbersize and nsslapd-conntablesize, and deploy the directory server in a cgroup or other resource-limited container to limit the memory pressure an attacker can create
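The following script is an added example (not part of the OpenCVE page and not code from the 389-ds project) that checks an LDIF export of cn=config for the three workarounds listed above: deref plugin disabled, anonymous access off, and explicit nsslapd-maxbersize / nsslapd-conntablesize values. The attribute names and the dsconf/systemctl commands are the ones the page gives; the two LDIF samples are constructed, and the ldif_unfold, ldif_attr, audit_deref_mitigations and count_deref_findings function names are this example's own.

```shell
#!/bin/sh
# Added example, not from the OpenCVE page or the 389-ds project: audit an LDIF
# export of cn=config for the three workarounds (deref plugin disabled, anonymous
# access off, BER/connection limits set). Attribute names are the real 389-ds
# configuration attributes; both LDIF samples below are constructed.

# Constructed sample 1: nothing applied yet (deref enabled, anonymous on, no limits).
UNHARDENED_LDIF='dn: cn=deref,cn=plugins,cn=config
cn: deref
nsslapd-pluginEnabled: on

dn: cn=config
cn: config
nsslapd-allow-anonymous-access: on'

# Constructed sample 2: all three workarounds applied.
HARDENED_LDIF='dn: cn=deref,cn=plugins,cn=config
cn: deref
nsslapd-pluginEnabled: off

dn: cn=config
cn: config
nsslapd-allow-anonymous-access: off
nsslapd-maxbersize: 2097152
nsslapd-conntablesize: 64'

# Unfold LDIF continuation lines (a line starting with a space continues the previous one).
ldif_unfold() {
    awk '/^ / { buf = buf substr($0, 2); next }
         { if (NR > 1) print buf; buf = $0 }
         END { print buf }'
}

# ldif_attr LDIF DN ATTR: print the first value of ATTR in the entry DN.
# DN and attribute name are matched case-insensitively; entries end at a blank line.
ldif_attr() {
    printf '%s\n' "$1" | ldif_unfold | awk -v dn="$2" -v attr="$3" '
        BEGIN { dn = tolower("dn: " dn); attr = tolower(attr); in_entry = 0 }
        /^$/ { in_entry = 0; next }
        tolower($0) == dn { in_entry = 1; next }
        in_entry {
            i = index($0, ":"); if (i == 0) next
            key = tolower(substr($0, 1, i - 1)); val = substr($0, i + 1)
            sub(/^ +/, "", val)
            if (key == attr) { print val; exit }
        }'
}

# audit_deref_mitigations LDIF: print one FINDING line per missing workaround,
# with the change to apply; the return status is the number of findings.
audit_deref_mitigations() {
    ldif=$1; findings=0
    v=$(ldif_attr "$ldif" "cn=deref,cn=plugins,cn=config" "nsslapd-pluginEnabled")
    if [ "$v" != "off" ]; then
        echo "FINDING: deref plugin is '${v:-unset}'; run: dsconf <instance> plugin deref disable && systemctl restart dirsrv@<instance>"
        findings=$((findings + 1))
    fi
    v=$(ldif_attr "$ldif" "cn=config" "nsslapd-allow-anonymous-access")
    if [ "$v" != "off" ]; then
        echo "FINDING: nsslapd-allow-anonymous-access is '${v:-unset}'; set it to off so the crash needs an authenticated bind"
        findings=$((findings + 1))
    fi
    for a in nsslapd-maxbersize nsslapd-conntablesize; do
        v=$(ldif_attr "$ldif" "cn=config" "$a")
        if [ -z "$v" ]; then
            echo "FINDING: $a is not set explicitly; set it as defence in depth"
            findings=$((findings + 1))
        fi
    done
    return $findings
}

# count_deref_findings LDIF: print only the number of findings (for scripting).
count_deref_findings() {
    audit_deref_mitigations "$1" | awk '/^FINDING:/ { n++ } END { print n + 0 }'
}

# Demo against the constructed unhardened sample: sh audit.sh --demo
if [ "${1:-}" = "--demo" ]; then
    audit_deref_mitigations "$UNHARDENED_LDIF"
fi
```

Against a real instance, pass it an LDIF export of cn=config, for example the output of ldapsearch -LLL -b cn=config bound as Directory Manager, as in audit_deref_mitigations "$(cat config.ldif)". An absent nsslapd-allow-anonymous-access attribute is reported as a finding as well, because only an explicit off value satisfies the workaround; the exit status of audit_deref_mitigations is the finding count, so it can gate a configuration-management run.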

Generated by OpenCVE AI on June 9, 2026 at 14:52 UTC.


Advisories

No advisories yet.

History

Tue, 09 Jun 2026 20:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Redhat redhat Directory Server
Vendors & Products | | Redhat redhat Directory Server

Tue, 09 Jun 2026 16:30:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 09 Jun 2026 13:30:00 +0000

Type | Values Removed | Values Added
Description | | A flaw was found in 389 Directory Server. The dereference control plugin does not check for allocation failure before using a BER structure, allowing an unauthenticated remote attacker to crash the LDAP server when the system is under memory pressure.
Title | | 389-ds-base: 389-ds-base: null pointer dereference in deref control plugin ber parser
First Time appeared | | Redhat; Redhat directory Server; Redhat enterprise Linux
Weaknesses | | CWE-476
CPEs | | cpe:/a:redhat:directory_server:11; cpe:/a:redhat:directory_server:12; cpe:/a:redhat:directory_server:13; cpe:/o:redhat:enterprise_linux:10; cpe:/o:redhat:enterprise_linux:6; cpe:/o:redhat:enterprise_linux:7; cpe:/o:redhat:enterprise_linux:8; cpe:/o:redhat:enterprise_linux:9
Vendors & Products | | Redhat; Redhat directory Server; Redhat enterprise Linux
References | |
Metrics | | cvssV3_1: {'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H'}


MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-06-09T15:12:38.533Z

Reserved: 2026-06-09T12:57:59.740Z

Link: CVE-2026-11788

Vulnrichment

Updated: 2026-06-09T15:11:32.838Z

NVD

Status : Awaiting Analysis

Published: 2026-06-09T14:16:36.940

Modified: 2026-06-09T14:42:21.530

Link: CVE-2026-11788

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-09T20:20:42Z

Weaknesses