High severity 7.2 · NVD Advisory · Published Feb 23, 2026 · Updated Apr 15, 2026
CVE-2025-14905
Description
A flaw was found in the 389-ds-base server. A heap buffer overflow vulnerability exists in the schema_attr_enum_callback function within the schema.c file. This occurs because the code incorrectly calculates the buffer size by summing alias string lengths without accounting for additional formatting characters. When a large number of aliases are processed, this oversight can lead to a heap overflow, potentially allowing a remote attacker to cause a Denial of Service (DoS) or achieve Remote Code Execution (RCE).
Affected products
20 products (osv-coords: 19 versions, no CPE)
- pkg:rpm/almalinux/389-ds-base, range: < 2.7.0-10.el9_7
- pkg:rpm/almalinux/389-ds-base-bdb, range: < 3.1.3-7.el10_1
- pkg:rpm/almalinux/389-ds-base-devel, range: < 2.7.0-10.el9_7
- pkg:rpm/almalinux/389-ds-base-legacy-tools, range: < 1.4.3.39-23.module_el8.10.0+4139+ef6adba4
- pkg:rpm/almalinux/389-ds-base-libs, range: < 2.7.0-10.el9_7
- pkg:rpm/almalinux/389-ds-base-snmp, range: < 2.7.0-10.el9_7
- pkg:rpm/almalinux/python3-lib389, range: < 2.7.0-10.el9_7
- pkg:rpm/opensuse/389-ds&distro=openSUSE%20Leap%2015.6, range: < 2.2.10~git200.96444f3c3-150600.8.26.1
- pkg:rpm/opensuse/389-ds&distro=openSUSE%20Leap%2016.0, range: < 3.0.6~git249.6688af9b2-160000.1.1
- pkg:rpm/opensuse/389-ds&distro=openSUSE%20Tumbleweed, range: < 3.1.4+e2562f589-1.1
- pkg:rpm/suse/389-ds&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOS, range: < 2.2.10~git200.96444f3c3-150500.3.42.1
- pkg:rpm/suse/389-ds&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSS, range: < 2.2.10~git200.96444f3c3-150500.3.42.1
- pkg:rpm/suse/389-ds&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP7, range: < 2.7.0~git144.f597a91d8-150700.3.13.1
- pkg:rpm/suse/389-ds&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSS, range: < 2.2.10~git200.96444f3c3-150500.3.42.1
- pkg:rpm/suse/389-ds&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP6-LTSS, range: < 2.2.10~git200.96444f3c3-150600.8.26.1
- pkg:rpm/suse/389-ds&distro=SUSE%20Linux%20Enterprise%20Server%2016.0, range: < 3.0.6~git249.6688af9b2-160000.1.1
- pkg:rpm/suse/389-ds&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5, range: < 2.2.10~git200.96444f3c3-150500.3.42.1
- pkg:rpm/suse/389-ds&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP6, range: < 2.2.10~git200.96444f3c3-150600.8.26.1
- pkg:rpm/suse/389-ds&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0, range: < 3.0.6~git249.6688af9b2-160000.1.1
References
21 references
- access.redhat.com/errata/RHSA-2026:3189 (nvd)
- access.redhat.com/errata/RHSA-2026:3208 (nvd)
- access.redhat.com/errata/RHSA-2026:3379 (nvd)
- access.redhat.com/errata/RHSA-2026:3504 (nvd)
- access.redhat.com/errata/RHSA-2026:4207 (nvd)
- access.redhat.com/errata/RHSA-2026:4661 (nvd)
- access.redhat.com/errata/RHSA-2026:4720 (nvd)
- access.redhat.com/errata/RHSA-2026:5196 (nvd)
- access.redhat.com/errata/RHSA-2026:5511 (nvd)
- access.redhat.com/errata/RHSA-2026:5512 (nvd)
- access.redhat.com/errata/RHSA-2026:5513 (nvd)
- access.redhat.com/errata/RHSA-2026:5514 (nvd)
- access.redhat.com/errata/RHSA-2026:5568 (nvd)
- access.redhat.com/errata/RHSA-2026:5569 (nvd)
- access.redhat.com/errata/RHSA-2026:5576 (nvd)
- access.redhat.com/errata/RHSA-2026:5597 (nvd)
- access.redhat.com/errata/RHSA-2026:5598 (nvd)
- access.redhat.com/errata/RHSA-2026:6220 (nvd)
- access.redhat.com/errata/RHSA-2026:6268 (nvd)
- access.redhat.com/security/cve/CVE-2025-14905 (nvd)
- bugzilla.redhat.com/show_bug.cgi (nvd)