CVE-2026-11884 - Vulnerability Details

- 389-ds-base: 389-ds-base: heap buffer overflow in schema objectclass serialization due to missing oc_superior in size calculation

Description

A heap buffer overflow flaw was found in 389 Directory Server. When serializing objectclass definitions, the oc_superior (SUP) field length is omitted from buffer size calculations in read_schema_dse() and schema_oc_to_string(), but the field is still written via strcat(). An attacker with Directory Manager privileges, or a compromised replication supplier, can trigger a server crash by creating objectclasses with long SUP values. This is an incomplete fix variant of CVE-2025-14905.

Published: 2026-06-10

Score: 6.5 Medium

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability in 389 Directory Server is a heap buffer overflow occurring during the serialization of objectclass definitions. When the oc_superior (SUP) field length is omitted from the buffer size calculations, the field is still written via strcat(), allowing an attacker to overflow the buffer. A crash of the Directory Server can result, disrupting directory services and availability.

Affected Systems

Red Hat Directory Server versions 11, 12, and 13, as well as Red Hat Enterprise Linux releases 6 through 10 are affected. The CVE does not specify a particular patch level, so all current installations of these products are vulnerable until addressed through official remediation or consulting the vendor for an update.

Risk and Exploitability

The CVSS score of 6.5 indicates a medium severity. No EPSS data is available, and the vulnerability is not listed in CISA KEV. Exploitation requires Directory Manager privileges or a compromised replication supplier, which limits the attack surface to trusted administrative or replicated components. The risk is therefore moderate, with the primary impact being a service crash rather than data compromise.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor	Product	Default status	Versions
Red Hat	Red Hat Directory Server 11	affected	—
Red Hat	Red Hat Directory Server 12	affected	—
Red Hat	Red Hat Directory Server 13	affected	—
Red Hat	Red Hat Enterprise Linux 10	affected	—
Red Hat	Red Hat Enterprise Linux 6	unknown	—
Red Hat	Red Hat Enterprise Linux 7	affected	—
Red Hat	Red Hat Enterprise Linux 8	affected	—
Red Hat	Red Hat Enterprise Linux 9	affected	—

No data.

No data available yet.

Remediation

Vendor Workaround

Restrict Directory Manager access. Audit replication agreements. Monitor cn=schema modifications for unusually long SUP values. Restrict LDAP replication traffic to trusted networks.

OpenCVE Recommended Actions

Restrict Directory Manager privileges to the minimal set of users required for management.
Audit all LDAP replication agreements to ensure only trusted, validated suppliers are configured.
Continuously monitor schema modifications for unusually long SUP values and set alerts for such activity.
Limit LDAP replication traffic to trusted network segments to prevent exploitation from untrusted networks.

Generated by OpenCVE AI on June 10, 2026 at 15:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://access.redhat.com/security/cve/CVE-2026-11884
https://bugzilla.redhat.com/show_bug.cgi?id=2423624
https://bugzilla.redhat.com/show_bug.cgi?id=2484913
https://redhat.atlassian.net/browse/PSIRTSUPT-7600

History

Wed, 10 Jun 2026 14:45:00 +0000

Type	Values Removed	Values Added
Description		A heap buffer overflow flaw was found in 389 Directory Server. When serializing objectclass definitions, the oc_superior (SUP) field length is omitted from buffer size calculations in read_schema_dse() and schema_oc_to_string(), but the field is still written via strcat(). An attacker with Directory Manager privileges, or a compromised replication supplier, can trigger a server crash by creating objectclasses with long SUP values. This is an incomplete fix variant of CVE-2025-14905.
Title		389-ds-base: 389-ds-base: heap buffer overflow in schema objectclass serialization due to missing oc_superior in size calculation
First Time appeared		Redhat Redhat directory Server Redhat enterprise Linux
Weaknesses		CWE-122
CPEs		cpe:/a:redhat:directory_server:11 cpe:/a:redhat:directory_server:12 cpe:/a:redhat:directory_server:13 cpe:/o:redhat:enterprise_linux:10 cpe:/o:redhat:enterprise_linux:6 cpe:/o:redhat:enterprise_linux:7 cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:9
Vendors & Products		Redhat Redhat directory Server Redhat enterprise Linux
References		https://access.redhat.com/security/cve/CVE-2026-11884 https://bugzilla.redhat.com/show_bug.cgi?id=2423624 https://bugzilla.redhat.com/show_bug.cgi?id=2484913 https://redhat.atlassian.net/browse/PSIRTSUPT-7600
Metrics		cvssV3_1 `{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H'}`

Subscriptions

Redhat Directory Server Enterprise Linux

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2026-06-10T14:07:13.559Z

Updated: 2026-06-10T16:31:21.611Z

Reserved: 2026-06-10T13:55:27.884Z

Link: CVE-2026-11884

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-06-10T15:16:32.317

Modified: 2026-06-10T15:16:32.317

Link: CVE-2026-11884

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-10T15:30:15Z

Weaknesses

CWE-122

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object