PT-2026-56170 · Unknown+2 · 389 Directory Server+2
Ian Murphy
·
Published
2026-07-07
·
Updated
2026-07-07
·
CVE-2026-11610
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
389 Directory Server (389-ds-base) versions 1.3.2 through 11.12.4 Update1
389 Directory Server (389-ds-base) versions 12.0 through 12.12
389 Directory Server (389-ds-base) versions 2025.1 through 2026.2
Description
A heap buffer overflow exists in the SASL I/O layer. After a successful SASL bind with integrity protection (SSF > 0), an authenticated attacker can send a specially crafted oversized LDAP UNBIND packet. This packet is copied into a 512-byte heap receive buffer without a bounds check in the
sasl io recv() function within sasl io.c, allowing up to approximately 2 megabytes of attacker-controlled data to overflow the buffer. This can lead to memory corruption or a denial of service resulting in a server crash. In FreeIPA and Red Hat Identity Management deployments, the issue can be triggered over the network by any domain user with a valid Kerberos ticket, any enrolled host, or any service account after authenticating via GSSAPI.Recommendations
Update 389 Directory Server (389-ds-base) versions 1.3.2 through 11.12.4 Update1 to the latest patched version.
Update 389 Directory Server (389-ds-base) versions 12.0 through 12.12 to the latest patched version.
Update 389 Directory Server (389-ds-base) versions 2025.1 through 2026.2 to the latest patched version.
Fix
DoS
Heap Based Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
389 Directory Server
Freeipa
Red Hat Identity Management