Description
A stack buffer overflow flaw was found in 389 Directory Server. The checkPrefix() function in pw.c copies an attacker-controlled algorithm ID into a 256-byte stack buffer without bounds checking when parsing reversible-encrypted attribute values. An attacker with Directory Manager privileges can crash the LDAP server by storing a crafted credential with an oversized algorithm ID. FORTIFY_SOURCE mitigates this to denial of service only.
Published: 2026-06-09
Score: 4.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A stack buffer overflow occurs in the checkPrefix() function of 389 Directory Server when it copies an attacker‑controlled algorithm ID into a 256‑byte stack buffer with no bounds checking. An attacker who possesses Directory Manager privileges can store a crafted credential containing an oversized algorithm ID, causing the LDAP server to crash. The vulnerability is classified as CWE‑121 "Stack-based Buffer Overflow," and its effect is limited to denial of service; it does not allow arbitrary code execution or data disclosure.

Affected Systems

The flaw impacts Red Hat Directory Server versions 11, 12 and 13, as well as Red Hat Enterprise Linux releases 10, 6, 7, 8 and 9. No patch or upgrade level is listed in the CVE entry, so the affected instances remain vulnerable until an official fix is deployed.

Risk and Exploitability

The CVSS score of 4.9 indicates a low‑to‑moderate severity. EPSS data is not available, and the vulnerability is not listed in the CISA KEV catalog, suggesting that while the problem is known, it has not yet been widely exploited in the wild. Effective exploitation requires high‑privilege Directory Manager access, so the threat is largely confined to insiders or compromised privileged accounts. Without a patch, the only mitigation is to restrict or monitor Directory Manager privileges; even then, repeated attempts could trigger service downtime.

Generated by OpenCVE AI on June 9, 2026 at 14:51 UTC.

Remediation

Vendor Workaround

Restrict Directory Manager access. Monitor cn=config attributes (nsDS5ReplicaCredentials, nsDS5ReplicaBootstrapCredentials) for abnormally long values. Restrict LDAP administrative access to management networks or localhost (LDAPI).

OpenCVE Recommended Actions

  • Restrict Directory Manager accounts to the minimum number of users and limit their access to trusted networks or localhost.
  • Monitor the cn=config attributes nsDS5ReplicaCredentials and nsDS5ReplicaBootstrapCredentials for abnormally long values that may indicate exploitation attempts.
  • Limit LDAP administrative access to trusted management networks or localhost by configuring LDAPI or firewall rules.
  • Enable or verify that FORTIFY_SOURCE is active to reduce the failure mode to denial of service only.
  • Check Red Hat’s advisory for a future patch and upgrade Red Hat Directory Server as soon as the fix is available.

Generated by OpenCVE AI on June 9, 2026 at 14:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat redhat Directory Server
Vendors & Products Redhat redhat Directory Server

Tue, 09 Jun 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 09 Jun 2026 13:30:00 +0000

Type Values Removed Values Added
Description A stack buffer overflow flaw was found in 389 Directory Server. The checkPrefix() function in pw.c copies an attacker-controlled algorithm ID into a 256-byte stack buffer without bounds checking when parsing reversible-encrypted attribute values. An attacker with Directory Manager privileges can crash the LDAP server by storing a crafted credential with an oversized algorithm ID. FORTIFY_SOURCE mitigates this to denial of service only.
Title 389-ds-base: 389-ds-base: stack buffer overflow in checkprefix() algorithm id parsing
First Time appeared Redhat
Redhat directory Server
Redhat enterprise Linux
Weaknesses CWE-121
CPEs cpe:/a:redhat:directory_server:11
cpe:/a:redhat:directory_server:12
cpe:/a:redhat:directory_server:13
cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat directory Server
Redhat enterprise Linux
References
Metrics cvssV3_1

{'score': 4.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H'}

Subscriptions

Redhat Directory Server Enterprise Linux Redhat Directory Server
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-06-09T13:29:33.535Z

Reserved: 2026-06-09T13:04:58.380Z

Link: CVE-2026-11793

cve-icon Vulnrichment

Updated: 2026-06-09T13:29:27.407Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-09T14:16:37.503

Modified: 2026-06-09T14:42:21.530

Link: CVE-2026-11793

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-09T20:20:38Z

Weaknesses