CVE-2025-14905
EUVD-2025-20766023.02.2026, 16:29
A flaw was found in the 389-ds-base server. A heap buffer overflow vulnerability exists in the `schema_attr_enum_callback` function within the `schema.c` file. This occurs because the code incorrectly calculates the buffer size by summing alias string lengths without accounting for additional formatting characters. When a large number of aliases are processed, this oversight can lead to a heap overflow, potentially allowing a remote attacker to cause a Denial of Service (DoS) or achieve Remote Code Execution (RCE).Enginsight
Awaiting analysis
This vulnerability is currently awaiting analysis.
Red Hat Enterprise Linux Releases
Amazon Linux Releases
Amazon Package | |||
|---|---|---|---|
| 389-ds-base |
| ||
| 389-ds-base-debuginfo |
| ||
| 389-ds-base-devel |
| ||
| 389-ds-base-libs |
| ||
| 389-ds-base-snmp |
|
References