rpm package
suse/389-ds&distro=SUSE Linux Enterprise Server 15 SP5-LTSS
pkg:rpm/suse/389-ds&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSS
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-9064 | High | 7.5 | | < 2.2.10~git229.1fa7ffdb4-150500.3.45.1 | 2.2.10~git229.1fa7ffdb4-150500.3.45.1 | May 20, 2026 | A flaw was found in 389-ds-base. The get_ldapmessage_controls_ext() function in the LDAP server does not enforce an upper bound on the number of controls per LDAP message. A remote, unauthenticated attacker can send a specially crafted LDAP request containing hundreds of thousand |
| CVE-2025-14905 | High | 7.2 | | < 2.2.10~git200.96444f3c3-150500.3.42.1 | 2.2.10~git200.96444f3c3-150500.3.42.1 | Feb 23, 2026 | A flaw was found in the 389-ds-base server. A heap buffer overflow vulnerability exists in the `schema_attr_enum_callback` function within the `schema.c` file. This occurs because the code incorrectly calculates the buffer size by summing alias string lengths without accounting f |
| CVE-2025-3416 | Low | 3.7 | | < 2.2.10~git99.aa5d0ecbf-150500.3.36.1 | 2.2.10~git99.aa5d0ecbf-150500.3.36.1 | Apr 8, 2025 | A flaw was found in OpenSSL's handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may result in undefined behavior or incorrect property parsing, leading to OpenSSL treating the input as an empty string. |