VYPR

Directory Server

by Red Hat

CVEs (37)

  • CVE-2026-11774HigJun 11, 2026
    risk 0.49cvss 7.6epss 0.01

    An integer overflow flaw was found in the SASL I/O layer of 389 Directory Server (389-ds-base). In sasl_io_start_packet(), adding sizeof(uint32_t) to a crafted SASL packet length prefix of 0xFFFFFFFC causes unsigned wraparound to zero, bypassing the nsslapd-maxsasliosize limit…

  • CVE-2026-9064HigMay 20, 2026
    risk 0.49cvss 7.5epss 0.01

    A flaw was found in 389-ds-base. The get_ldapmessage_controls_ext() function in the LDAP server does not enforce an upper bound on the number of controls per LDAP message. A remote, unauthenticated attacker can send a specially crafted LDAP request containing hundreds of…

  • CVE-2026-11884MedJun 10, 2026
    risk 0.42cvss 6.5epss 0.00

    A heap buffer overflow flaw was found in 389 Directory Server. When serializing objectclass definitions, the oc_superior (SUP) field length is omitted from buffer size calculations in read_schema_dse() and schema_oc_to_string(), but the field is still written via strcat(). An…

  • CVE-2026-11611MedJun 8, 2026
    risk 0.42cvss 6.5epss 0.00

    A flaw was found in 389 Directory Server. The Content Synchronization persistent search plugin allows unbounded memory growth when an authenticated client stops reading sync responses, enabling denial of service. Additional race conditions in plugin thread lifecycle can cause…

  • CVE-2026-11788MedJun 9, 2026
    risk 0.38cvss 5.9epss 0.00

    A flaw was found in 389 Directory Server. The dereference control plugin does not check for allocation failure before using a BER structure, allowing an unauthenticated remote attacker to crash the LDAP server when the system is under memory pressure.

  • CVE-2026-11787MedJun 9, 2026
    risk 0.33cvss 5.0epss 0.00

    A flaw was found in 389 Directory Server. The ldap_utf8prev() function reads bytes before the start of a buffer without bounds checking, causing a heap buffer over-read in string filter parsing that may influence internal filter processing behavior.

  • CVE-2026-11793MedJun 9, 2026
    risk 0.32cvss 4.9epss 0.00

    A stack buffer overflow flaw was found in 389 Directory Server. The checkPrefix() function in pw.c copies an attacker-controlled algorithm ID into a 256-byte stack buffer without bounds checking when parsing reversible-encrypted attribute values. An attacker with Directory…

  • CVE-2026-11790MedJun 9, 2026
    risk 0.32cvss 4.9epss 0.00

    A flaw was found in 389 Directory Server. The PBKDF2-SHA256 password storage plugin does not enforce an upper bound on the iteration count extracted from stored password hashes. A privileged attacker who can modify a user's password hash can cause excessive CPU consumption…

  • CVE-2026-11789MedJun 9, 2026
    risk 0.32cvss 4.9epss 0.00

    A flaw was found in 389 Directory Server. The SMD5 password storage plugin performs unsigned integer underflow when computing salt length from a crafted password hash shorter than 16 bytes, causing a buffer over-read that crashes the LDAP server during authentication.

  • CVE-2026-11785MedJun 9, 2026
    risk 0.28cvss 4.3epss 0.00

    A flaw was found in 389 Directory Server. A type confusion in the SSO token extended operation handler causes partial stack address information to be disclosed in LDAP responses to authenticated users.

  • CVE-2026-11792LowJun 9, 2026
    risk 0.21cvss 3.3epss 0.00

    A heap buffer overflow flaw was found in 389 Directory Server. When audit logging is enabled, the create_masked_entry_string() function in auditlog.c copies a fixed-length password mask into a precisely-sized heap buffer without checking available space. If a short cleartext…

  • CVE-2026-11786LowJun 9, 2026
    risk 0.12cvss 1.9epss 0.00

    A flaw was found in 389 Directory Server. The LDIF parser reads past the end of a heap buffer when processing attribute types with trailing semicolons during database import, causing an out-of-bounds read detectable under memory instrumentation.

  • CVE-2008-2930Aug 29, 2008
    risk 0.04cvss epss 0.07

    Red Hat Directory Server 7.1 before SP7, Red Hat Directory Server 8, and Fedora Directory Server 1.1.1 allow remote attackers to cause a denial of service (CPU consumption and search outage) via crafted LDAP search requests with patterns, related to a single-threaded…

  • CVE-2008-2928Aug 29, 2008
    risk 0.01cvss epss 0.07

    Multiple buffer overflows in the adminutil library in CGI applications in Red Hat Directory Server 7.1 before SP7 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted Accept-Language HTTP header.

  • CVE-2008-0892Apr 16, 2008
    risk 0.01cvss epss 0.14

    The replication monitor CGI script (repl-monitor-cgi.pl) in Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, allows remote attackers to execute arbitrary commands.

  • CVE-2010-3282Jan 9, 2020
    risk 0.00cvss epss 0.00

    389 Directory Server before 1.2.7.1 (aka Red Hat Directory Server 8.2) and HP-UX Directory Server before B.08.10.03, when audit logging is enabled, logs the Directory Manager password (nsslapd-rootpw) in cleartext when changing cn=config:nsslapd-rootpw, which might allow local…

  • CVE-2010-2222Nov 5, 2019
    risk 0.00cvss epss 0.01

    The _ger_parse_control function in Red Hat Directory Server 8 and the 389 Directory Server allows attackers to cause a denial of service (NULL pointer dereference) via a crafted search query.

  • CVE-2014-3562Aug 21, 2014
    risk 0.00cvss epss 0.02

    Red Hat Directory Server 8 and 389 Directory Server, when debugging is enabled, allows remote attackers to obtain sensitive replicated metadata by searching the directory.

  • CVE-2013-4485Nov 23, 2013
    risk 0.00cvss epss 0.02

    389 Directory Server 1.2.11.15 (aka Red Hat Directory Server before 8.2.11-14) allows remote authenticated users to cause a denial of service (crash) via multiple @ characters in a GER attribute list in a search request.

  • CVE-2013-2219Jul 31, 2013
    risk 0.00cvss epss 0.02

    The Red Hat Directory Server before 8.2.11-13 and 389 Directory Server do not properly restrict access to entity attributes, which allows remote authenticated users to obtain sensitive information via a search query for the attribute.

Page 1 of 2