Vulnerability-Lookup

RHSA-2026:4661

Vulnerability from csaf_redhat - Published: 2026-03-17 00:17 - Updated: 2026-03-24 13:13

Summary

Red Hat Security Advisory: redhat-ds:12 security update

Severity

Moderate

Notes

Topic: An update for the redhat-ds:12 module is now available for Red Hat Directory Server 12.4 EUS for RHEL 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Red Hat Directory Server is an LDAPv3-compliant directory server. The suite of packages includes the Lightweight Directory Access Protocol (LDAP) server, as well as command-line utilities and Web UI packages for server administration. Security Fix(es): * 389-ds-base: 389-ds-base: Remote Code Execution and Denial of Service via heap buffer overflow (CVE-2025-14905) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2025-14905

A flaw was found in the 389-ds-base server. A heap buffer overflow vulnerability exists in the `schema_attr_enum_callback` function within the `schema.c` file. This occurs because the code incorrectly calculates the buffer size by summing alias string lengths without accounting for additional formatting characters. When a large number of aliases are processed, this oversight can lead to a heap overflow, potentially allowing a remote attacker to cause a Denial of Service (DoS) or achieve Remote Code Execution (RCE).

7.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE-122 - Heap-based Buffer Overflow

Vendor Fix For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 https://access.redhat.com/errata/RHSA-2026:4661

Workaround Restrict network access to the 389-ds-base server to only trusted hosts and networks using firewall rules. Additionally, ensure that administrative access to the server is strictly limited to authorized personnel with strong authentication, as exploitation requires high privileges. This reduces the attack surface and the likelihood of an attacker gaining the necessary privileges to trigger the heap overflow.

References

URL

Category

	https://access.redhat.com/errata/RHSA-2026:4661	self
	https://access.redhat.com/security/updates/classi…	external
	https://bugzilla.redhat.com/show_bug.cgi?id=2423624	external
	https://security.access.redhat.com/data/csaf/v2/a…	self
	https://access.redhat.com/security/cve/CVE-2025-14905	self
	https://bugzilla.redhat.com/show_bug.cgi?id=2423624	external
	https://www.cve.org/CVERecord?id=CVE-2025-14905	external
	https://nvd.nist.gov/vuln/detail/CVE-2025-14905	external

Acknowledgments

Red Hat Inc.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for the redhat-ds:12 module is now available for Red Hat Directory Server 12.4 EUS for RHEL 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat Directory Server is an LDAPv3-compliant directory server. The suite of packages includes the Lightweight Directory Access Protocol (LDAP) server, as well as command-line utilities and Web UI packages for server administration.\n\nSecurity Fix(es):\n\n* 389-ds-base: 389-ds-base: Remote Code Execution and Denial of Service via heap buffer overflow (CVE-2025-14905)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2026:4661",
        "url": "https://access.redhat.com/errata/RHSA-2026:4661"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "2423624",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423624"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_4661.json"
      }
    ],
    "title": "Red Hat Security Advisory: redhat-ds:12 security update",
    "tracking": {
      "current_release_date": "2026-03-24T13:13:00+00:00",
      "generator": {
        "date": "2026-03-24T13:13:00+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.7.3"
        }
      },
      "id": "RHSA-2026:4661",
      "initial_release_date": "2026-03-17T00:17:20+00:00",
      "revision_history": [
        {
          "date": "2026-03-17T00:17:20+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-03-17T00:17:20+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-03-24T13:13:00+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Directory Server 12.4 EUS for RHEL 9",
                "product": {
                  "name": "Red Hat Directory Server 12.4 EUS for RHEL 9",
                  "product_id": "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:directory_server_eus:12.4::el9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Directory Server"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "389-ds-base-0:2.4.5-22.module+el9dsrv+24021+288fb6da.src::redhat-ds:12",
                "product": {
                  "name": "389-ds-base-0:2.4.5-22.module+el9dsrv+24021+288fb6da.src (redhat-ds:12)",
                  "product_id": "389-ds-base-0:2.4.5-22.module+el9dsrv+24021+288fb6da.src::redhat-ds:12",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/389-ds-base@2.4.5-22.module%2Bel9dsrv%2B24021%2B288fb6da?arch=src\u0026rpmmod=redhat-ds:12:9040020260225135630:1674d574"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "389-ds-base-0:2.4.5-22.module+el9dsrv+24021+288fb6da.x86_64::redhat-ds:12",
                "product": {
                  "name": "389-ds-base-0:2.4.5-22.module+el9dsrv+24021+288fb6da.x86_64 (redhat-ds:12)",
                  "product_id": "389-ds-base-0:2.4.5-22.module+el9dsrv+24021+288fb6da.x86_64::redhat-ds:12",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/389-ds-base@2.4.5-22.module%2Bel9dsrv%2B24021%2B288fb6da?arch=x86_64\u0026rpmmod=redhat-ds:12:9040020260225135630:1674d574"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "389-ds-base-debuginfo-0:2.4.5-22.module+el9dsrv+24021+288fb6da.x86_64::redhat-ds:12",
                "product": {
                  "name": "389-ds-base-debuginfo-0:2.4.5-22.module+el9dsrv+24021+288fb6da.x86_64 (redhat-ds:12)",
                  "product_id": "389-ds-base-debuginfo-0:2.4.5-22.module+el9dsrv+24021+288fb6da.x86_64::redhat-ds:12",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/389-ds-base-debuginfo@2.4.5-22.module%2Bel9dsrv%2B24021%2B288fb6da?arch=x86_64\u0026rpmmod=redhat-ds:12:9040020260225135630:1674d574"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "389-ds-base-debugsource-0:2.4.5-22.module+el9dsrv+24021+288fb6da.x86_64::redhat-ds:12",
                "product": {
                  "name": "389-ds-base-debugsource-0:2.4.5-22.module+el9dsrv+24021+288fb6da.x86_64 (redhat-ds:12)",
                  "product_id": "389-ds-base-debugsource-0:2.4.5-22.module+el9dsrv+24021+288fb6da.x86_64::redhat-ds:12",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/389-ds-base-debugsource@2.4.5-22.module%2Bel9dsrv%2B24021%2B288fb6da?arch=x86_64\u0026rpmmod=redhat-ds:12:9040020260225135630:1674d574"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "389-ds-base-devel-0:2.4.5-22.module+el9dsrv+24021+288fb6da.x86_64::redhat-ds:12",
                "product": {
                  "name": "389-ds-base-devel-0:2.4.5-22.module+el9dsrv+24021+288fb6da.x86_64 (redhat-ds:12)",
                  "product_id": "389-ds-base-devel-0:2.4.5-22.module+el9dsrv+24021+288fb6da.x86_64::redhat-ds:12",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/389-ds-base-devel@2.4.5-22.module%2Bel9dsrv%2B24021%2B288fb6da?arch=x86_64\u0026rpmmod=redhat-ds:12:9040020260225135630:1674d574"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "389-ds-base-libs-0:2.4.5-22.module+el9dsrv+24021+288fb6da.x86_64::redhat-ds:12",
                "product": {
                  "name": "389-ds-base-libs-0:2.4.5-22.module+el9dsrv+24021+288fb6da.x86_64 (redhat-ds:12)",
                  "product_id": "389-ds-base-libs-0:2.4.5-22.module+el9dsrv+24021+288fb6da.x86_64::redhat-ds:12",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/389-ds-base-libs@2.4.5-22.module%2Bel9dsrv%2B24021%2B288fb6da?arch=x86_64\u0026rpmmod=redhat-ds:12:9040020260225135630:1674d574"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "389-ds-base-libs-debuginfo-0:2.4.5-22.module+el9dsrv+24021+288fb6da.x86_64::redhat-ds:12",
                "product": {
                  "name": "389-ds-base-libs-debuginfo-0:2.4.5-22.module+el9dsrv+24021+288fb6da.x86_64 (redhat-ds:12)",
                  "product_id": "389-ds-base-libs-debuginfo-0:2.4.5-22.module+el9dsrv+24021+288fb6da.x86_64::redhat-ds:12",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/389-ds-base-libs-debuginfo@2.4.5-22.module%2Bel9dsrv%2B24021%2B288fb6da?arch=x86_64\u0026rpmmod=redhat-ds:12:9040020260225135630:1674d574"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "389-ds-base-snmp-0:2.4.5-22.module+el9dsrv+24021+288fb6da.x86_64::redhat-ds:12",
                "product": {
                  "name": "389-ds-base-snmp-0:2.4.5-22.module+el9dsrv+24021+288fb6da.x86_64 (redhat-ds:12)",
                  "product_id": "389-ds-base-snmp-0:2.4.5-22.module+el9dsrv+24021+288fb6da.x86_64::redhat-ds:12",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/389-ds-base-snmp@2.4.5-22.module%2Bel9dsrv%2B24021%2B288fb6da?arch=x86_64\u0026rpmmod=redhat-ds:12:9040020260225135630:1674d574"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "389-ds-base-snmp-debuginfo-0:2.4.5-22.module+el9dsrv+24021+288fb6da.x86_64::redhat-ds:12",
                "product": {
                  "name": "389-ds-base-snmp-debuginfo-0:2.4.5-22.module+el9dsrv+24021+288fb6da.x86_64 (redhat-ds:12)",
                  "product_id": "389-ds-base-snmp-debuginfo-0:2.4.5-22.module+el9dsrv+24021+288fb6da.x86_64::redhat-ds:12",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/389-ds-base-snmp-debuginfo@2.4.5-22.module%2Bel9dsrv%2B24021%2B288fb6da?arch=x86_64\u0026rpmmod=redhat-ds:12:9040020260225135630:1674d574"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "cockpit-389-ds-0:2.4.5-22.module+el9dsrv+24021+288fb6da.noarch::redhat-ds:12",
                "product": {
                  "name": "cockpit-389-ds-0:2.4.5-22.module+el9dsrv+24021+288fb6da.noarch (redhat-ds:12)",
                  "product_id": "cockpit-389-ds-0:2.4.5-22.module+el9dsrv+24021+288fb6da.noarch::redhat-ds:12",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cockpit-389-ds@2.4.5-22.module%2Bel9dsrv%2B24021%2B288fb6da?arch=noarch\u0026rpmmod=redhat-ds:12:9040020260225135630:1674d574"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python3-lib389-0:2.4.5-22.module+el9dsrv+24021+288fb6da.noarch::redhat-ds:12",
                "product": {
                  "name": "python3-lib389-0:2.4.5-22.module+el9dsrv+24021+288fb6da.noarch (redhat-ds:12)",
                  "product_id": "python3-lib389-0:2.4.5-22.module+el9dsrv+24021+288fb6da.noarch::redhat-ds:12",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python3-lib389@2.4.5-22.module%2Bel9dsrv%2B24021%2B288fb6da?arch=noarch\u0026rpmmod=redhat-ds:12:9040020260225135630:1674d574"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "389-ds-base-0:2.4.5-22.module+el9dsrv+24021+288fb6da.src (redhat-ds:12) as a component of Red Hat Directory Server 12.4 EUS for RHEL 9",
          "product_id": "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:389-ds-base-0:2.4.5-22.module+el9dsrv+24021+288fb6da.src::redhat-ds:12"
        },
        "product_reference": "389-ds-base-0:2.4.5-22.module+el9dsrv+24021+288fb6da.src::redhat-ds:12",
        "relates_to_product_reference": "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "389-ds-base-0:2.4.5-22.module+el9dsrv+24021+288fb6da.x86_64 (redhat-ds:12) as a component of Red Hat Directory Server 12.4 EUS for RHEL 9",
          "product_id": "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:389-ds-base-0:2.4.5-22.module+el9dsrv+24021+288fb6da.x86_64::redhat-ds:12"
        },
        "product_reference": "389-ds-base-0:2.4.5-22.module+el9dsrv+24021+288fb6da.x86_64::redhat-ds:12",
        "relates_to_product_reference": "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "389-ds-base-debuginfo-0:2.4.5-22.module+el9dsrv+24021+288fb6da.x86_64 (redhat-ds:12) as a component of Red Hat Directory Server 12.4 EUS for RHEL 9",
          "product_id": "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:389-ds-base-debuginfo-0:2.4.5-22.module+el9dsrv+24021+288fb6da.x86_64::redhat-ds:12"
        },
        "product_reference": "389-ds-base-debuginfo-0:2.4.5-22.module+el9dsrv+24021+288fb6da.x86_64::redhat-ds:12",
        "relates_to_product_reference": "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "389-ds-base-debugsource-0:2.4.5-22.module+el9dsrv+24021+288fb6da.x86_64 (redhat-ds:12) as a component of Red Hat Directory Server 12.4 EUS for RHEL 9",
          "product_id": "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:389-ds-base-debugsource-0:2.4.5-22.module+el9dsrv+24021+288fb6da.x86_64::redhat-ds:12"
        },
        "product_reference": "389-ds-base-debugsource-0:2.4.5-22.module+el9dsrv+24021+288fb6da.x86_64::redhat-ds:12",
        "relates_to_product_reference": "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "389-ds-base-devel-0:2.4.5-22.module+el9dsrv+24021+288fb6da.x86_64 (redhat-ds:12) as a component of Red Hat Directory Server 12.4 EUS for RHEL 9",
          "product_id": "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:389-ds-base-devel-0:2.4.5-22.module+el9dsrv+24021+288fb6da.x86_64::redhat-ds:12"
        },
        "product_reference": "389-ds-base-devel-0:2.4.5-22.module+el9dsrv+24021+288fb6da.x86_64::redhat-ds:12",
        "relates_to_product_reference": "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "389-ds-base-libs-0:2.4.5-22.module+el9dsrv+24021+288fb6da.x86_64 (redhat-ds:12) as a component of Red Hat Directory Server 12.4 EUS for RHEL 9",
          "product_id": "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:389-ds-base-libs-0:2.4.5-22.module+el9dsrv+24021+288fb6da.x86_64::redhat-ds:12"
        },
        "product_reference": "389-ds-base-libs-0:2.4.5-22.module+el9dsrv+24021+288fb6da.x86_64::redhat-ds:12",
        "relates_to_product_reference": "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "389-ds-base-libs-debuginfo-0:2.4.5-22.module+el9dsrv+24021+288fb6da.x86_64 (redhat-ds:12) as a component of Red Hat Directory Server 12.4 EUS for RHEL 9",
          "product_id": "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:389-ds-base-libs-debuginfo-0:2.4.5-22.module+el9dsrv+24021+288fb6da.x86_64::redhat-ds:12"
        },
        "product_reference": "389-ds-base-libs-debuginfo-0:2.4.5-22.module+el9dsrv+24021+288fb6da.x86_64::redhat-ds:12",
        "relates_to_product_reference": "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "389-ds-base-snmp-0:2.4.5-22.module+el9dsrv+24021+288fb6da.x86_64 (redhat-ds:12) as a component of Red Hat Directory Server 12.4 EUS for RHEL 9",
          "product_id": "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:389-ds-base-snmp-0:2.4.5-22.module+el9dsrv+24021+288fb6da.x86_64::redhat-ds:12"
        },
        "product_reference": "389-ds-base-snmp-0:2.4.5-22.module+el9dsrv+24021+288fb6da.x86_64::redhat-ds:12",
        "relates_to_product_reference": "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "389-ds-base-snmp-debuginfo-0:2.4.5-22.module+el9dsrv+24021+288fb6da.x86_64 (redhat-ds:12) as a component of Red Hat Directory Server 12.4 EUS for RHEL 9",
          "product_id": "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:389-ds-base-snmp-debuginfo-0:2.4.5-22.module+el9dsrv+24021+288fb6da.x86_64::redhat-ds:12"
        },
        "product_reference": "389-ds-base-snmp-debuginfo-0:2.4.5-22.module+el9dsrv+24021+288fb6da.x86_64::redhat-ds:12",
        "relates_to_product_reference": "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cockpit-389-ds-0:2.4.5-22.module+el9dsrv+24021+288fb6da.noarch (redhat-ds:12) as a component of Red Hat Directory Server 12.4 EUS for RHEL 9",
          "product_id": "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:cockpit-389-ds-0:2.4.5-22.module+el9dsrv+24021+288fb6da.noarch::redhat-ds:12"
        },
        "product_reference": "cockpit-389-ds-0:2.4.5-22.module+el9dsrv+24021+288fb6da.noarch::redhat-ds:12",
        "relates_to_product_reference": "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-lib389-0:2.4.5-22.module+el9dsrv+24021+288fb6da.noarch (redhat-ds:12) as a component of Red Hat Directory Server 12.4 EUS for RHEL 9",
          "product_id": "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:python3-lib389-0:2.4.5-22.module+el9dsrv+24021+288fb6da.noarch::redhat-ds:12"
        },
        "product_reference": "python3-lib389-0:2.4.5-22.module+el9dsrv+24021+288fb6da.noarch::redhat-ds:12",
        "relates_to_product_reference": "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "organization": "Red Hat Inc.",
          "summary": "This issue was discovered by Red Hat."
        }
      ],
      "cve": "CVE-2025-14905",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "discovery_date": "2025-12-18T18:04:56.621000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2423624"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the 389-ds-base server. A heap buffer overflow vulnerability exists in the `schema_attr_enum_callback` function within the `schema.c` file. This occurs because the code incorrectly calculates the buffer size by summing alias string lengths without accounting for additional formatting characters. When a large number of aliases are processed, this oversight can lead to a heap overflow, potentially allowing a remote attacker to cause a Denial of Service (DoS) or achieve Remote Code Execution (RCE).",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "389-ds-base: 389-ds-base: Remote Code Execution and Denial of Service via heap buffer overflow",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is rated Moderate for Red Hat Directory Server. A heap buffer overflow in the `389-ds-base` component can lead to a denial of service or potential remote code execution. Exploitation requires high privileges on the Directory Server, limiting the attack surface to authenticated administrative users.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:389-ds-base-0:2.4.5-22.module+el9dsrv+24021+288fb6da.src::redhat-ds:12",
          "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:389-ds-base-0:2.4.5-22.module+el9dsrv+24021+288fb6da.x86_64::redhat-ds:12",
          "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:389-ds-base-debuginfo-0:2.4.5-22.module+el9dsrv+24021+288fb6da.x86_64::redhat-ds:12",
          "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:389-ds-base-debugsource-0:2.4.5-22.module+el9dsrv+24021+288fb6da.x86_64::redhat-ds:12",
          "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:389-ds-base-devel-0:2.4.5-22.module+el9dsrv+24021+288fb6da.x86_64::redhat-ds:12",
          "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:389-ds-base-libs-0:2.4.5-22.module+el9dsrv+24021+288fb6da.x86_64::redhat-ds:12",
          "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:389-ds-base-libs-debuginfo-0:2.4.5-22.module+el9dsrv+24021+288fb6da.x86_64::redhat-ds:12",
          "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:389-ds-base-snmp-0:2.4.5-22.module+el9dsrv+24021+288fb6da.x86_64::redhat-ds:12",
          "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:389-ds-base-snmp-debuginfo-0:2.4.5-22.module+el9dsrv+24021+288fb6da.x86_64::redhat-ds:12",
          "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:cockpit-389-ds-0:2.4.5-22.module+el9dsrv+24021+288fb6da.noarch::redhat-ds:12",
          "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:python3-lib389-0:2.4.5-22.module+el9dsrv+24021+288fb6da.noarch::redhat-ds:12"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-14905"
        },
        {
          "category": "external",
          "summary": "RHBZ#2423624",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423624"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-14905",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-14905"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-14905",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14905"
        }
      ],
      "release_date": "2026-02-23T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-03-17T00:17:20+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:389-ds-base-0:2.4.5-22.module+el9dsrv+24021+288fb6da.src::redhat-ds:12",
            "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:389-ds-base-0:2.4.5-22.module+el9dsrv+24021+288fb6da.x86_64::redhat-ds:12",
            "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:389-ds-base-debuginfo-0:2.4.5-22.module+el9dsrv+24021+288fb6da.x86_64::redhat-ds:12",
            "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:389-ds-base-debugsource-0:2.4.5-22.module+el9dsrv+24021+288fb6da.x86_64::redhat-ds:12",
            "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:389-ds-base-devel-0:2.4.5-22.module+el9dsrv+24021+288fb6da.x86_64::redhat-ds:12",
            "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:389-ds-base-libs-0:2.4.5-22.module+el9dsrv+24021+288fb6da.x86_64::redhat-ds:12",
            "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:389-ds-base-libs-debuginfo-0:2.4.5-22.module+el9dsrv+24021+288fb6da.x86_64::redhat-ds:12",
            "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:389-ds-base-snmp-0:2.4.5-22.module+el9dsrv+24021+288fb6da.x86_64::redhat-ds:12",
            "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:389-ds-base-snmp-debuginfo-0:2.4.5-22.module+el9dsrv+24021+288fb6da.x86_64::redhat-ds:12",
            "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:cockpit-389-ds-0:2.4.5-22.module+el9dsrv+24021+288fb6da.noarch::redhat-ds:12",
            "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:python3-lib389-0:2.4.5-22.module+el9dsrv+24021+288fb6da.noarch::redhat-ds:12"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:4661"
        },
        {
          "category": "workaround",
          "details": "Restrict network access to the 389-ds-base server to only trusted hosts and networks using firewall rules. Additionally, ensure that administrative access to the server is strictly limited to authorized personnel with strong authentication, as exploitation requires high privileges. This reduces the attack surface and the likelihood of an attacker gaining the necessary privileges to trigger the heap overflow.",
          "product_ids": [
            "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:389-ds-base-0:2.4.5-22.module+el9dsrv+24021+288fb6da.src::redhat-ds:12",
            "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:389-ds-base-0:2.4.5-22.module+el9dsrv+24021+288fb6da.x86_64::redhat-ds:12",
            "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:389-ds-base-debuginfo-0:2.4.5-22.module+el9dsrv+24021+288fb6da.x86_64::redhat-ds:12",
            "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:389-ds-base-debugsource-0:2.4.5-22.module+el9dsrv+24021+288fb6da.x86_64::redhat-ds:12",
            "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:389-ds-base-devel-0:2.4.5-22.module+el9dsrv+24021+288fb6da.x86_64::redhat-ds:12",
            "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:389-ds-base-libs-0:2.4.5-22.module+el9dsrv+24021+288fb6da.x86_64::redhat-ds:12",
            "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:389-ds-base-libs-debuginfo-0:2.4.5-22.module+el9dsrv+24021+288fb6da.x86_64::redhat-ds:12",
            "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:389-ds-base-snmp-0:2.4.5-22.module+el9dsrv+24021+288fb6da.x86_64::redhat-ds:12",
            "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:389-ds-base-snmp-debuginfo-0:2.4.5-22.module+el9dsrv+24021+288fb6da.x86_64::redhat-ds:12",
            "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:cockpit-389-ds-0:2.4.5-22.module+el9dsrv+24021+288fb6da.noarch::redhat-ds:12",
            "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:python3-lib389-0:2.4.5-22.module+el9dsrv+24021+288fb6da.noarch::redhat-ds:12"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:389-ds-base-0:2.4.5-22.module+el9dsrv+24021+288fb6da.src::redhat-ds:12",
            "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:389-ds-base-0:2.4.5-22.module+el9dsrv+24021+288fb6da.x86_64::redhat-ds:12",
            "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:389-ds-base-debuginfo-0:2.4.5-22.module+el9dsrv+24021+288fb6da.x86_64::redhat-ds:12",
            "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:389-ds-base-debugsource-0:2.4.5-22.module+el9dsrv+24021+288fb6da.x86_64::redhat-ds:12",
            "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:389-ds-base-devel-0:2.4.5-22.module+el9dsrv+24021+288fb6da.x86_64::redhat-ds:12",
            "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:389-ds-base-libs-0:2.4.5-22.module+el9dsrv+24021+288fb6da.x86_64::redhat-ds:12",
            "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:389-ds-base-libs-debuginfo-0:2.4.5-22.module+el9dsrv+24021+288fb6da.x86_64::redhat-ds:12",
            "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:389-ds-base-snmp-0:2.4.5-22.module+el9dsrv+24021+288fb6da.x86_64::redhat-ds:12",
            "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:389-ds-base-snmp-debuginfo-0:2.4.5-22.module+el9dsrv+24021+288fb6da.x86_64::redhat-ds:12",
            "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:cockpit-389-ds-0:2.4.5-22.module+el9dsrv+24021+288fb6da.noarch::redhat-ds:12",
            "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:python3-lib389-0:2.4.5-22.module+el9dsrv+24021+288fb6da.noarch::redhat-ds:12"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "389-ds-base: 389-ds-base: Remote Code Execution and Denial of Service via heap buffer overflow"
    }
  ]
}

CVE-2025-14905 (GCVE-0-2025-14905)

Vulnerability from cvelistv5 – Published: 2026-02-23 15:41 – Updated: 2026-03-24 10:17

Title

389-ds-base: 389-ds-base: remote code execution and denial of service via heap buffer overflow

Summary

Severity ?

7.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-122 - Heap-based Buffer Overflow

Assigner

redhat

References

URL

Tags

	https://access.redhat.com/errata/RHSA-2026:3189	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:3208	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:3379	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:3504	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:4207	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:4661	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:4720	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:5196	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:5511	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:5512	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:5513	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:5514	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:5568	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:5569	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:5576	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:5597	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:5598	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2025-14905	vdb-entryx_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2423624	issue-trackingx_refsource_REDHAT

Impacted products

Vendor

Product

Version

Red Hat

Red Hat Directory Server 11.5 E4S for RHEL 8

Unaffected: 8060020260303152239.0ca98e7e , < * (rpm)
cpe:/a:redhat:directory_server_e4s:11.5::el8

Red Hat	Red Hat Directory Server 11.7 E4S for RHEL 8	Unaffected: 8080020260227193008.f969626e , < * (rpm) cpe:/a:redhat:directory_server_e4s:11.7::el8
Red Hat	Red Hat Directory Server 11.9 for RHEL 8	Unaffected: 8100020260312105752.37ed7c03 , < * (rpm) cpe:/a:redhat:directory_server:11.9::el8
Red Hat	Red Hat Directory Server 12.2 E4S for RHEL 9	Unaffected: 9020020260304180546.1674d574 , < * (rpm) cpe:/a:redhat:directory_server_e4s:12.2::el9
Red Hat	Red Hat Directory Server 12.4 EUS for RHEL 9	Unaffected: 9040020260225135630.1674d574 , < * (rpm) cpe:/a:redhat:directory_server_eus:12.4::el9
Red Hat	Red Hat Enterprise Linux 10	Unaffected: 0:3.1.3-7.el10_1 , < * (rpm) cpe:/o:redhat:enterprise_linux:10.1
Red Hat	Red Hat Enterprise Linux 10.0 Extended Update Support	Unaffected: 0:3.0.6-17.el10_0 , < * (rpm) cpe:/o:redhat:enterprise_linux_eus:10.0
Red Hat	Red Hat Enterprise Linux 8	Unaffected: 8100020260312103235.25e700aa , < * (rpm) cpe:/a:redhat:enterprise_linux:8::appstream
Red Hat	Red Hat Enterprise Linux 8.2 Advanced Update Support	Unaffected: 8020020260303204738.dbc46ba7 , < * (rpm) cpe:/a:redhat:rhel_aus:8.2::appstream
Red Hat	Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support	Unaffected: 8060020260303144613.824efc52 , < * (rpm) cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream
Red Hat	Red Hat Enterprise Linux 8.6 Telecommunications Update Service	Unaffected: 8060020260303144613.824efc52 , < * (rpm) cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream
Red Hat	Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions	Unaffected: 8060020260303144613.824efc52 , < * (rpm) cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream
Red Hat	Red Hat Enterprise Linux 8.8 Telecommunications Update Service	Unaffected: 8080020260227183930.6dbb3803 , < * (rpm) cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_tus:8.8::appstream
Red Hat	Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions	Unaffected: 8080020260227183930.6dbb3803 , < * (rpm) cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_tus:8.8::appstream
Red Hat	Red Hat Enterprise Linux 9	Unaffected: 0:2.7.0-10.el9_7 , < * (rpm) cpe:/a:redhat:enterprise_linux:9::appstream cpe:/a:redhat:enterprise_linux:9::crb
Red Hat	Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions	Unaffected: 0:2.0.14-5.el9_0 , < * (rpm) cpe:/a:redhat:rhel_e4s:9.0::appstream
Red Hat	Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions	Unaffected: 0:2.2.4-17.el9_2 , < * (rpm) cpe:/a:redhat:rhel_e4s:9.2::appstream
Red Hat	Red Hat Enterprise Linux 9.4 Extended Update Support	Unaffected: 0:2.4.5-24.el9_4 , < * (rpm) cpe:/a:redhat:rhel_eus:9.4::crb cpe:/a:redhat:rhel_eus:9.4::appstream
Red Hat	Red Hat Enterprise Linux 9.6 Extended Update Support	Unaffected: 0:2.6.1-20.el9_6 , < * (rpm) cpe:/a:redhat:rhel_eus:9.6::crb cpe:/a:redhat:rhel_eus:9.6::appstream
Red Hat	Red Hat Directory Server 13.1	Unaffected: sha256:5e49efa2b8764403fad13b81c968b76c7b6400fabd83bf95e2f7667b90e93ab5 , < * (rpm) cpe:/a:redhat:directory_server:13.1::el10
Red Hat	Red Hat Directory Server 12	cpe:/a:redhat:directory_server:12
Red Hat	Red Hat Directory Server 13	cpe:/a:redhat:directory_server:13
Red Hat	Red Hat Enterprise Linux 6	cpe:/o:redhat:enterprise_linux:6
Red Hat	Red Hat Enterprise Linux 7	cpe:/o:redhat:enterprise_linux:7

Date Public ?

2026-02-23 00:00

Credits

This issue was discovered by Red Hat Security Research Team (Red Hat Inc.).

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-14905",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-23T18:49:43.028074Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-23T18:54:27.128Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:directory_server_e4s:11.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "redhat-ds:11",
          "product": "Red Hat Directory Server 11.5 E4S for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8060020260303152239.0ca98e7e",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:directory_server_e4s:11.7::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "redhat-ds:11",
          "product": "Red Hat Directory Server 11.7 E4S for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8080020260227193008.f969626e",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:directory_server:11.9::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "redhat-ds:11",
          "product": "Red Hat Directory Server 11.9 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8100020260312105752.37ed7c03",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:directory_server_e4s:12.2::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "redhat-ds:12",
          "product": "Red Hat Directory Server 12.2 E4S for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "9020020260304180546.1674d574",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:directory_server_eus:12.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "redhat-ds:12",
          "product": "Red Hat Directory Server 12.4 EUS for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "9040020260225135630.1674d574",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10.1"
          ],
          "defaultStatus": "affected",
          "packageName": "389-ds-base",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.1.3-7.el10_1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux_eus:10.0"
          ],
          "defaultStatus": "affected",
          "packageName": "389-ds-base",
          "product": "Red Hat Enterprise Linux 10.0 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.0.6-17.el10_0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:8::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "389-ds:1.4",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8100020260312103235.25e700aa",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_aus:8.2::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "389-ds:1.4",
          "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8020020260303204738.dbc46ba7",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_aus:8.6::appstream",
            "cpe:/a:redhat:rhel_e4s:8.6::appstream",
            "cpe:/a:redhat:rhel_tus:8.6::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "389-ds:1.4",
          "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8060020260303144613.824efc52",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_aus:8.6::appstream",
            "cpe:/a:redhat:rhel_e4s:8.6::appstream",
            "cpe:/a:redhat:rhel_tus:8.6::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "389-ds:1.4",
          "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8060020260303144613.824efc52",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_aus:8.6::appstream",
            "cpe:/a:redhat:rhel_e4s:8.6::appstream",
            "cpe:/a:redhat:rhel_tus:8.6::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "389-ds:1.4",
          "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8060020260303144613.824efc52",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:8.8::appstream",
            "cpe:/a:redhat:rhel_tus:8.8::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "389-ds:1.4",
          "product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8080020260227183930.6dbb3803",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:8.8::appstream",
            "cpe:/a:redhat:rhel_tus:8.8::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "389-ds:1.4",
          "product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8080020260227183930.6dbb3803",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream",
            "cpe:/a:redhat:enterprise_linux:9::crb"
          ],
          "defaultStatus": "affected",
          "packageName": "389-ds-base",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.7.0-10.el9_7",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:9.0::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "389-ds-base",
          "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.0.14-5.el9_0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:9.2::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "389-ds-base",
          "product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.2.4-17.el9_2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.4::crb",
            "cpe:/a:redhat:rhel_eus:9.4::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "389-ds-base",
          "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.4.5-24.el9_4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.6::crb",
            "cpe:/a:redhat:rhel_eus:9.6::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "389-ds-base",
          "product": "Red Hat Enterprise Linux 9.6 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.6.1-20.el9_6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:directory_server:13.1::el10"
          ],
          "defaultStatus": "affected",
          "packageName": "dirsrv/dirsrv-container-rhel10",
          "product": "Red Hat Directory Server 13.1",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "sha256:5e49efa2b8764403fad13b81c968b76c7b6400fabd83bf95e2f7667b90e93ab5",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:directory_server:12"
          ],
          "defaultStatus": "affected",
          "packageName": "redhat-ds:12/389-ds-base",
          "product": "Red Hat Directory Server 12",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:directory_server:13"
          ],
          "defaultStatus": "affected",
          "packageName": "389-ds-base",
          "product": "Red Hat Directory Server 13",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "389-ds-base",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "affected",
          "packageName": "389-ds-base",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This issue was discovered by Red Hat Security Research Team (Red Hat Inc.)."
        }
      ],
      "datePublic": "2026-02-23T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in the 389-ds-base server. A heap buffer overflow vulnerability exists in the `schema_attr_enum_callback` function within the `schema.c` file. This occurs because the code incorrectly calculates the buffer size by summing alias string lengths without accounting for additional formatting characters. When a large number of aliases are processed, this oversight can lead to a heap overflow, potentially allowing a remote attacker to cause a Denial of Service (DoS) or achieve Remote Code Execution (RCE)."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-24T10:17:03.784Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2026:3189",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:3189"
        },
        {
          "name": "RHSA-2026:3208",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:3208"
        },
        {
          "name": "RHSA-2026:3379",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:3379"
        },
        {
          "name": "RHSA-2026:3504",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:3504"
        },
        {
          "name": "RHSA-2026:4207",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:4207"
        },
        {
          "name": "RHSA-2026:4661",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:4661"
        },
        {
          "name": "RHSA-2026:4720",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:4720"
        },
        {
          "name": "RHSA-2026:5196",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:5196"
        },
        {
          "name": "RHSA-2026:5511",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:5511"
        },
        {
          "name": "RHSA-2026:5512",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:5512"
        },
        {
          "name": "RHSA-2026:5513",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:5513"
        },
        {
          "name": "RHSA-2026:5514",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:5514"
        },
        {
          "name": "RHSA-2026:5568",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:5568"
        },
        {
          "name": "RHSA-2026:5569",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:5569"
        },
        {
          "name": "RHSA-2026:5576",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:5576"
        },
        {
          "name": "RHSA-2026:5597",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:5597"
        },
        {
          "name": "RHSA-2026:5598",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:5598"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-14905"
        },
        {
          "name": "RHBZ#2423624",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423624"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-12-18T18:04:56.621Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2026-02-23T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "389-ds-base: 389-ds-base: remote code execution and denial of service via heap buffer overflow",
      "workarounds": [
        {
          "lang": "en",
          "value": "Restrict network access to the 389-ds-base server to only trusted hosts and networks using firewall rules. Additionally, ensure that administrative access to the server is strictly limited to authorized personnel with strong authentication, as exploitation requires high privileges. This reduces the attack surface and the likelihood of an attacker gaining the necessary privileges to trigger the heap overflow."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-122: Heap-based Buffer Overflow"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-14905",
    "datePublished": "2026-02-23T15:41:47.976Z",
    "dateReserved": "2025-12-18T18:06:35.400Z",
    "dateUpdated": "2026-03-24T10:17:03.784Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

RHSA-2026:4661

CVE-2025-14905 (GCVE-0-2025-14905)

Tags

Sightings

Nomenclature