CVE-2025-14905

Summary

A flaw was found in the 389-ds-base server. A heap buffer overflow vulnerability exists in the schema_attr_enum_callback function within the schema.c file. This occurs because the code incorrectly calculates the buffer size by summing alias string lengths without accounting for additional formatting characters. When a large number of aliases are processed, this oversight can lead to a heap overflow, potentially allowing a remote attacker to cause a Denial of Service (DoS) or achieve Remote Code Execution (RCE).

Affected Software

VendorProductVersion RangeStatus
Red HatRed Hat Directory Server 11.5 E4S for RHEL 88060020260303152239.0ca98e7e < *unaffected
Red HatRed Hat Directory Server 11.7 E4S for RHEL 88080020260227193008.f969626e < *unaffected
Red HatRed Hat Directory Server 11.9 for RHEL 88100020260312105752.37ed7c03 < *unaffected
Red HatRed Hat Directory Server 12.2 E4S for RHEL 99020020260304180546.1674d574 < *unaffected
Red HatRed Hat Directory Server 12.4 EUS for RHEL 99040020260225135630.1674d574 < *unaffected
Red HatRed Hat Enterprise Linux 100:3.1.3-7.el10_1 < *unaffected
Red HatRed Hat Enterprise Linux 10.0 Extended Update Support0:3.0.6-17.el10_0 < *unaffected
Red HatRed Hat Enterprise Linux 7 Extended Lifecycle Support0:1.3.11.1-11.el7_9 < *unaffected
Red HatRed Hat Enterprise Linux 88100020260312103235.25e700aa < *unaffected
Red HatRed Hat Enterprise Linux 8.2 Advanced Update Support8020020260303204738.dbc46ba7 < *unaffected
Red HatRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support8040020260303172348.96015a92 < *unaffected
Red HatRed Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On8040020260303172348.96015a92 < *unaffected
Red HatRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support8060020260303144613.824efc52 < *unaffected
Red HatRed Hat Enterprise Linux 8.6 Telecommunications Update Service8060020260303144613.824efc52 < *unaffected
Red HatRed Hat Enterprise Linux 8.6 Update Services for SAP Solutions8060020260303144613.824efc52 < *unaffected
Red HatRed Hat Enterprise Linux 8.8 Telecommunications Update Service8080020260227183930.6dbb3803 < *unaffected
Red HatRed Hat Enterprise Linux 8.8 Update Services for SAP Solutions8080020260227183930.6dbb3803 < *unaffected
Red HatRed Hat Enterprise Linux 90:2.7.0-10.el9_7 < *unaffected
Red HatRed Hat Enterprise Linux 9.0 Update Services for SAP Solutions0:2.0.14-5.el9_0 < *unaffected
Red HatRed Hat Enterprise Linux 9.2 Update Services for SAP Solutions0:2.2.4-17.el9_2 < *unaffected
Red HatRed Hat Enterprise Linux 9.4 Extended Update Support0:2.4.5-24.el9_4 < *unaffected
Red HatRed Hat Enterprise Linux 9.6 Extended Update Support0:2.6.1-20.el9_6 < *unaffected
Red HatRed Hat Directory Server 13.11772040913 < *unaffected

Weaknesses

  • CWE-122: Heap-based Buffer Overflow

Workarounds

Restrict network access to the 389-ds-base server to only trusted hosts and networks using firewall rules. Additionally, ensure that administrative access to the server is strictly limited to authorized personnel with strong authentication, as exploitation requires high privileges. This reduces the attack surface and the likelihood of an attacker gaining the necessary privileges to trigger the heap overflow.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References