PT-2026-56170 · Unknown+2 · 389 Directory Server+2

Ian Murphy

·

Published

2026-07-07

·

Updated

2026-07-07

·

CVE-2026-11610

CVSS v3.1

8.8

High

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions 389 Directory Server (389-ds-base) versions 1.3.2 through 11.12.4 Update1 389 Directory Server (389-ds-base) versions 12.0 through 12.12 389 Directory Server (389-ds-base) versions 2025.1 through 2026.2
Description A heap buffer overflow exists in the SASL I/O layer. After a successful SASL bind with integrity protection (SSF > 0), an authenticated attacker can send a specially crafted oversized LDAP UNBIND packet. This packet is copied into a 512-byte heap receive buffer without a bounds check in the sasl io recv() function within sasl io.c, allowing up to approximately 2 megabytes of attacker-controlled data to overflow the buffer. This can lead to memory corruption or a denial of service resulting in a server crash. In FreeIPA and Red Hat Identity Management deployments, the issue can be triggered over the network by any domain user with a valid Kerberos ticket, any enrolled host, or any service account after authenticating via GSSAPI.
Recommendations Update 389 Directory Server (389-ds-base) versions 1.3.2 through 11.12.4 Update1 to the latest patched version. Update 389 Directory Server (389-ds-base) versions 12.0 through 12.12 to the latest patched version. Update 389 Directory Server (389-ds-base) versions 2025.1 through 2026.2 to the latest patched version.

Fix

DoS

Heap Based Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-11610

Affected Products

389 Directory Server
Freeipa
Red Hat Identity Management