CVE-2025-14905
Published: Feb 23, 2026
Modified: Mar 31, 2026
CVSS v3.1 base score: 7.2
Description
A flaw was found in the 389-ds-base server. A heap buffer overflow vulnerability exists in the `schema_attr_enum_callback` function within the `schema.c` file. This occurs because the code incorrectly calculates the buffer size by summing alias string lengths without accounting for additional formatting characters. When a large number of aliases are processed, this oversight can lead to a heap overflow, potentially allowing a remote attacker to cause a Denial of Service (DoS) or achieve Remote Code Execution (RCE).
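To make the sizing mistake in the description concrete, here is an added illustration (not 389-ds-base's code; the quoted, parenthesised list format is an assumption) of a length calculation that only sums alias lengths, beside one that counts every formatting byte, and a formatter that refuses to write past the buffer it is given:

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical illustration of the sizing-bug class in the description.
 * Assumed output format (not 389-ds-base's actual one): ( 'a' 'b' ) */

/* Buggy sizing: sums alias lengths only; every quote, space and
 * parenthesis the formatter emits is unaccounted for, so the shortfall
 * grows by 3 bytes per alias. */
size_t naive_alias_buf_size(const char **aliases, size_t n)
{
    size_t total = 0;
    for (size_t i = 0; i < n; i++)
        total += strlen(aliases[i]);
    return total + 1;                        /* + NUL */
}

/* Correct sizing: "( " + per alias "'" alias "' " + ")" + NUL. */
size_t alias_buf_size(const char **aliases, size_t n)
{
    size_t total = 2;                        /* "( " */
    for (size_t i = 0; i < n; i++)
        total += 1 + strlen(aliases[i]) + 2; /* 'alias' followed by ' ' */
    return total + 1 + 1;                    /* ")" + NUL */
}

/* Writes the list into buf, never beyond bufsize. Returns bytes written
 * (without NUL) or (size_t)-1 when the buffer cannot hold the result. */
size_t format_aliases(char *buf, size_t bufsize,
                      const char **aliases, size_t n)
{
    if (bufsize < alias_buf_size(aliases, n))
        return (size_t)-1;
    size_t off = (size_t)snprintf(buf, bufsize, "( ");
    for (size_t i = 0; i < n; i++)
        off += (size_t)snprintf(buf + off, bufsize - off, "'%s' ", aliases[i]);
    off += (size_t)snprintf(buf + off, bufsize - off, ")");
    return off;
}

int main(void)
{
    const char *aliases[] = { "cn", "commonName", "x" };  /* constructed */
    char buf[64];
    printf("naive=%zu correct=%zu\n",
           naive_alias_buf_size(aliases, 3), alias_buf_size(aliases, 3));
    if (format_aliases(buf, sizeof buf, aliases, 3) != (size_t)-1)
        puts(buf);
    return 0;
}
```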
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Red Hat Directory Server 11.5 E4S for RHEL 8 | unaffected 8060020260303152239.0ca98e7e - < * |
| Red Hat | Red Hat Directory Server 11.7 E4S for RHEL 8 | unaffected 8080020260227193008.f969626e - < * |
| Red Hat | Red Hat Directory Server 11.9 for RHEL 8 | unaffected 8100020260312105752.37ed7c03 - < * |
| Red Hat | Red Hat Directory Server 12.2 E4S for RHEL 9 | unaffected 9020020260304180546.1674d574 - < * |
| Red Hat | Red Hat Directory Server 12.4 EUS for RHEL 9 | unaffected 9040020260225135630.1674d574 - < * |
| Red Hat | Red Hat Enterprise Linux 10 | unaffected 0:3.1.3-7.el10_1 - < * |
| Red Hat | Red Hat Enterprise Linux 10.0 Extended Update Support | unaffected 0:3.0.6-17.el10_0 - < * |
| Red Hat | Red Hat Enterprise Linux 7 Extended Lifecycle Support | unaffected 0:1.3.11.1-11.el7_9 - < * |
| Red Hat | Red Hat Enterprise Linux 8 | unaffected 8100020260312103235.25e700aa - < * |
| Red Hat | Red Hat Enterprise Linux 8.2 Advanced Update Support | unaffected 8020020260303204738.dbc46ba7 - < * |
| Red Hat | Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | unaffected 8040020260303172348.96015a92 - < * |
| Red Hat | Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On | unaffected 8040020260303172348.96015a92 - < * |
| Red Hat | Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | unaffected 8060020260303144613.824efc52 - < * |
| Red Hat | Red Hat Enterprise Linux 8.6 Telecommunications Update Service | unaffected 8060020260303144613.824efc52 - < * |
| Red Hat | Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions | unaffected 8060020260303144613.824efc52 - < * |
| Red Hat | Red Hat Enterprise Linux 8.8 Telecommunications Update Service | unaffected 8080020260227183930.6dbb3803 - < * |
| Red Hat | Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions | unaffected 8080020260227183930.6dbb3803 - < * |
| Red Hat | Red Hat Enterprise Linux 9 | unaffected 0:2.7.0-10.el9_7 - < * |
| Red Hat | Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | unaffected 0:2.0.14-5.el9_0 - < * |
| Red Hat | Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions | unaffected 0:2.2.4-17.el9_2 - < * |
| Red Hat | Red Hat Enterprise Linux 9.4 Extended Update Support | unaffected 0:2.4.5-24.el9_4 - < * |
| Red Hat | Red Hat Enterprise Linux 9.6 Extended Update Support | unaffected 0:2.6.1-20.el9_6 - < * |
| Red Hat | Red Hat Directory Server 13.1 | unaffected sha256:5e49efa2b8764403fad13b81c968b76c7b6400fabd83bf95e2f7667b90e93ab5 - < * |
| Red Hat | Red Hat Directory Server 12 | All versions |
| Red Hat | Red Hat Directory Server 13 | All versions |
| Red Hat | Red Hat Enterprise Linux 6 | All versions |
CVSS v3.1 Details
CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Network (AV:N)
Attack Complexity: Low (AC:L)
Privileges Required: High (PR:H)
User Interaction: None (UI:N)
Scope: Unchanged (S:U)
Confidentiality: High (C:H)
Integrity: High (I:H)
Availability: High (A:H)