Home

Description

A flaw was found in 389 Directory Server. The dereference control plugin does not check for allocation failure before using a BER structure, allowing an unauthenticated remote attacker to crash the LDAP server when the system is under memory pressure.

PUBLISHED Reserved 2026-06-09 | Published 2026-06-09 | Updated 2026-06-09 | Assigner redhat




MEDIUM: 5.9CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Problem types

NULL Pointer Dereference

Product status

Default status
affected

Default status
affected

Default status
affected

Default status
affected

Default status
unknown

Default status
affected

Default status
affected

Default status
affected

Timeline

2026-04-16:Reported to Red Hat.
2026-04-16:Made public.

References

access.redhat.com/security/cve/CVE-2026-11788 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2485423 (RHBZ#2485423) issue-tracking

redhat.atlassian.net/browse/PSIRTSUPT-7600

cve.org (CVE-2026-11788)

nvd.nist.gov (CVE-2026-11788)

Download JSON