Updated: 2026-02-24 20:26:05.624132
Description:
A flaw was found in the 389-ds-base server. A heap buffer overflow vulnerability exists in the `schema_attr_enum_callback` function within the `schema.c` file. This occurs because the code incorrectly calculates the buffer size by summing alias string lengths without accounting for additional formatting characters. When a large number of aliases are processed, this oversight can lead to a heap overflow, potentially allowing a remote attacker to cause a Denial of Service (DoS) or achieve Remote Code Execution (RCE).
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | NONE | 0.0 |
| CVSS Version 3.x | HIGH | 7.2 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | 389-ds-base | 2.2.4 | 7.2 | HIGH | Released | CLSA-2026:1772573644 | 2026-03-04 08:19:04 | |
| TuxCare 9.6 ESU | 389-ds-base | 2.6.1 | 7.2 | HIGH | Released | CLSA-2026:1772574256 | 2026-03-04 08:19:02 |