Unknown · 389-Ds-Base · CVE-2025-14905
Name of the Vulnerable Software and Affected Versions: 389 Directory Server versions prior to 3.0.6~git249.6688af9b2.
Description: A heap buffer overflow vulnerability exists in the `schema_attr_enum_callback` function within the `schema.c` file of 389 Directory Server. This occurs because the code incorrectly calculates the buffer size when processing alias strings, potentially leading to a heap overflow. A remote attacker could exploit this vulnerability to cause a Denial of Service (DoS) or achieve Remote Code Execution (RCE).
Recommendations: Upgrade to version 3.0.6~git249.6688af9b2 or later.
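The sizing error named in the Description, shown as an added illustration of the bug class; this is not 389 Directory Server code. The function names and the RFC 4512 style `( 'a' 'b' )` alias layout are assumptions, since the advisory does not say which bytes the real calculation left out.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Under-counting pattern: alias text only, no quotes, spaces, parens or NUL. */
size_t naive_size(const char *const *aliases, size_t n) {
    size_t total = 0;
    for (size_t i = 0; i < n; i++) total += strlen(aliases[i]);
    return total;
}

/* Exact bytes for "( 'a' 'b' )" (assumed layout): "(" + " )" + NUL, plus a
 * space and two quotes per alias. Returns 0 if the sum would wrap. */
size_t exact_size(const char *const *aliases, size_t n) {
    size_t total = 4;
    for (size_t i = 0; i < n; i++) {
        size_t len = strlen(aliases[i]);
        if (total > SIZE_MAX - 3 || len > SIZE_MAX - 3 - total) return 0;
        total += len + 3;
    }
    return total;
}

/* Hardened join: allocate the exact size, then re-check the remaining room
 * before every alias so a sizing mistake fails closed, not past the heap. */
char *join_aliases(const char *const *aliases, size_t n) {
    size_t cap = exact_size(aliases, n), used = 0;
    char *buf = cap ? malloc(cap) : NULL;
    if (buf == NULL) return NULL;
    buf[used++] = '(';
    for (size_t i = 0; i < n; i++) {
        size_t len = strlen(aliases[i]), room = cap - used;
        if (room < 6 || len > room - 6) { free(buf); return NULL; }
        buf[used++] = ' '; buf[used++] = '\'';
        memcpy(buf + used, aliases[i], len);
        used += len;
        buf[used++] = '\'';
    }
    memcpy(buf + used, " )", 3); /* copies the terminating NUL as well */
    return buf;
}

int main(void) {
    const char *sample[] = {"cn", "commonName"}; /* constructed sample */
    char *s = join_aliases(sample, 2);
    printf("naive=%zu exact=%zu %s\n", naive_size(sample, 2), exact_size(sample, 2), s ? s : "");
    free(s);
}
```

The gap between the two size functions is 3 bytes per alias plus 4 fixed bytes, so it grows with the number of aliases.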