Description
A flaw was found in the 389-ds-base server. A heap buffer overflow vulnerability exists in the `schema_attr_enum_callback` function within the `schema.c` file. This occurs because the code incorrectly calculates the buffer size by summing alias string lengths without accounting for additional formatting characters. When a large number of aliases are processed, this oversight can lead to a heap overflow, potentially allowing a remote attacker to cause a Denial of Service (DoS) or achieve Remote Code Execution (RCE).
Problem types
Product status
8060020260303152239.0ca98e7e (rpm) before *
8080020260227193008.f969626e (rpm) before *
8100020260312105752.37ed7c03 (rpm) before *
9020020260304180546.1674d574 (rpm) before *
9040020260225135630.1674d574 (rpm) before *
0:3.1.3-7.el10_1 (rpm) before *
0:3.0.6-17.el10_0 (rpm) before *
0:1.3.11.1-11.el7_9 (rpm) before *
8100020260312103235.25e700aa (rpm) before *
8020020260303204738.dbc46ba7 (rpm) before *
8040020260303172348.96015a92 (rpm) before *
8060020260303144613.824efc52 (rpm) before *
8080020260227183930.6dbb3803 (rpm) before *
0:2.7.0-10.el9_7 (rpm) before *
0:2.0.14-5.el9_0 (rpm) before *
0:2.2.4-17.el9_2 (rpm) before *
0:2.4.5-24.el9_4 (rpm) before *
0:2.6.1-20.el9_6 (rpm) before *
sha256:5e49efa2b8764403fad13b81c968b76c7b6400fabd83bf95e2f7667b90e93ab5 (rpm) before *
Timeline
| 2025-12-18: | Reported to Red Hat. |
| 2026-02-23: | Made public. |
Credits
This issue was discovered by Red Hat Security Research Team (Red Hat Inc.).
References
access.redhat.com/errata/RHSA-2026:3189 (RHSA-2026:3189)
access.redhat.com/errata/RHSA-2026:3208 (RHSA-2026:3208)
access.redhat.com/errata/RHSA-2026:3379 (RHSA-2026:3379)
access.redhat.com/errata/RHSA-2026:3504 (RHSA-2026:3504)
access.redhat.com/errata/RHSA-2026:4207 (RHSA-2026:4207)
access.redhat.com/errata/RHSA-2026:4661 (RHSA-2026:4661)
access.redhat.com/errata/RHSA-2026:4720 (RHSA-2026:4720)
access.redhat.com/errata/RHSA-2026:5196 (RHSA-2026:5196)
access.redhat.com/errata/RHSA-2026:5511 (RHSA-2026:5511)
access.redhat.com/errata/RHSA-2026:5512 (RHSA-2026:5512)
access.redhat.com/errata/RHSA-2026:5513 (RHSA-2026:5513)
access.redhat.com/errata/RHSA-2026:5514 (RHSA-2026:5514)
access.redhat.com/errata/RHSA-2026:5568 (RHSA-2026:5568)
access.redhat.com/errata/RHSA-2026:5569 (RHSA-2026:5569)
access.redhat.com/errata/RHSA-2026:5576 (RHSA-2026:5576)
access.redhat.com/errata/RHSA-2026:5597 (RHSA-2026:5597)
access.redhat.com/errata/RHSA-2026:5598 (RHSA-2026:5598)
access.redhat.com/errata/RHSA-2026:6220 (RHSA-2026:6220)
access.redhat.com/errata/RHSA-2026:6268 (RHSA-2026:6268)
access.redhat.com/security/cve/CVE-2025-14905
bugzilla.redhat.com/show_bug.cgi?id=2423624 (RHBZ#2423624)