CVE-2026-11786

Vulnerability

A heap out-of-bounds read exists in the LDIF parser's str2entry_state_information_from_type() function within 389 Directory Server. This flaw occurs when importing LDIF data where attribute types contain trailing semicolons. The parser reads past the end of a heap buffer after detecting a semicolon without ensuring sufficient bytes remain in the allocation. This issue is present across all shipped 389-ds-base versions and has been ASan-proven on instrumented builds [2].

Exploitation

Exploitation requires local administrator access to perform an LDIF database import. An attacker would need to craft a malicious LDIF file containing attribute types with trailing semicolons and trigger the ldif2db import process. The vulnerability is in the entry.c file's str2entry_state_information_from_type() function [2].

Impact

Successful exploitation results in an out-of-bounds read from a heap buffer. While production binaries may not crash due to allocator padding, the vulnerability is detectable under memory instrumentation. The exact impact beyond this read is not detailed in the available references, but it indicates a memory corruption vulnerability [2].

Mitigation

This vulnerability is present unchanged across all shipped 389-ds-base versions. No specific fixed version or release date has been disclosed in the available references. There are no workarounds mentioned, and the EOL status or KEV listing is not yet disclosed [1, 2].