Back to overview

CVE-2026-14940

MEDIUM
5.3
CVSS 3.1
Description
A heap-buffer-overflow flaw was found in 389 Directory Server (389-ds-base). When normalizing a Distinguished Name (DN) that contains a legacy-quoted value encoding a multivalued nested Relative Distinguished Name (RDN), the server can write past the end of a heap allocation while sorting RDN attribute-value pairs. An unauthenticated remote attacker can trigger this condition by sending an LDAP operation whose DN reaches the DN normalization routine, such as a search with a crafted base DN. This can corrupt heap memory and may cause denial of service.

Metadata

CVE ID
CVE-2026-14940
State
PUBLISHED
Assigner
redhat
Reserved
2026-07-07 12:01 UTC
Published
2026-07-07 13:54 UTC
Last updated
2026-07-07 15:35 UTC
Primary CWE
CWE-122
Heap-based Buffer Overflow
Vendor / Product
Red Hat / Red Hat Directory Server 11
Sources
cve.org  ·  NVD

Severity & Metrics

5.3 MEDIUM CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
SSVC — CISA Coordinator
Exploitation
none
Automatable
yes
Tech. Impact
partial
Affected products (8)
VendorProductPlatformVersions
Red Hat Red Hat Directory Server 11
Red Hat Red Hat Directory Server 12
Red Hat Red Hat Directory Server 13
Red Hat Red Hat Enterprise Linux 10
Red Hat Red Hat Enterprise Linux 6
Red Hat Red Hat Enterprise Linux 7
Red Hat Red Hat Enterprise Linux 8
Red Hat Red Hat Enterprise Linux 9
Weakness (CWE)
CWESourceDescription
CWE-122 cna Heap-based Buffer Overflow
CVSS scores (1)
ScoreSeverityVersionSourceVector
5.3 MEDIUM 3.1 cna CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Back to overview