Description
A heap-buffer-overflow flaw was found in 389 Directory Server (389-ds-base). When normalizing a Distinguished Name (DN) that contains a legacy-quoted value encoding a multivalued nested Relative Distinguished Name (RDN), the server can write past the end of a heap allocation while sorting RDN attribute-value pairs. An unauthenticated remote attacker can trigger this condition by sending an LDAP operation whose DN reaches the DN normalization routine, such as a search with a crafted base DN. This can corrupt heap memory and may cause denial of service.
Problem types
Product status
Timeline
| 2026-06-02: | Reported to Red Hat. |
| 2026-07-07: | Made public. |
Credits
Red Hat would like to thank Denis Rastyogin (ALT Linux) for reporting this issue.
References
access.redhat.com/security/cve/CVE-2026-14940
bugzilla.redhat.com/show_bug.cgi?id=2497697 (RHBZ#2497697)