Red Hat Directory Server E4s
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Red Hat Directory Server E4s.
By the Year
In 2026 there have been 4 vulnerabilities in Red Hat Directory Server E4s with an average score of 7.8 out of ten. Directory Server E4s did not have any published security vulnerabilities last year. That is, 4 more vulnerabilities have already been reported in 2026 as compared to last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 4 | 7.78 |
| 2025 | 0 | 0.00 |
| 2024 | 4 | 6.10 |
It may take a day or so for new Directory Server E4s vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Red Hat Directory Server E4s Security Vulnerabilities
389-ds-base 1.3.2+ Heap Buffer Overflow via oversized LDAP UNBIND
CVE-2026-11610
8.8 - High
- July 07, 2026
A heap buffer overflow flaw was found in the SASL I/O layer of 389 Directory Server (389-ds-base). After a successful SASL bind with integrity protection (SSF > 0), an authenticated attacker can send a specially crafted oversized LDAP UNBIND packet that is copied into a 512-byte heap receive buffer without a bounds check in sasl_io_recv() in sasl_io.c. This allows up to approximately 2 megabytes of attacker-controlled data to overflow the buffer, causing a denial of service (server crash). In FreeIPA and Red Hat Identity Management deployments, any domain user with a valid Kerberos ticket, any enrolled host, or any service account can trigger this vulnerability over the network after authenticating via GSSAPI. The vulnerable code path has existed since approximately 2013 (389-ds-base 1.3.2) and was not addressed by the CVE-2025-14905 fix, which patched a separate heap overflow in schema.c only.
Heap-based Buffer Overflow
389-Ds SASL_IO Integer Overflow: DoS/RCE via Crafted Packet
CVE-2026-11774
7.6 - High
- June 11, 2026
An integer overflow flaw was found in the SASL I/O layer of 389 Directory Server (389-ds-base). In sasl_io_start_packet(), adding sizeof(uint32_t) to a crafted SASL packet length prefix of 0xFFFFFFFC causes unsigned wraparound to zero, bypassing the nsslapd-maxsasliosize limit and leading to a heap buffer overflow of up to approximately 2 megabytes of attacker-controlled data. After a successful SASL bind with integrity protection (SSF > 0), a remote attacker can cause a Denial of Service (DoS) or achieve Remote Code Execution (RCE). In FreeIPA and Red Hat Identity Management deployments, any domain user with a valid Kerberos ticket, enrolled host, or service account can trigger this vulnerability over the network. This flaw is independent of CVE-2025-14905, which patched schema.c only and did not modify sasl_io.c.
Integer Overflow or Wraparound
389-DS LDAP DoS: Unbounded Controls Enable Remote Overload
CVE-2026-9064
7.5 - High
- May 20, 2026
A flaw was found in 389-ds-base. The get_ldapmessage_controls_ext() function in the LDAP server does not enforce an upper bound on the number of controls per LDAP message. A remote, unauthenticated attacker can send a specially crafted LDAP request containing hundreds of thousands of minimal controls within the default maximum BER message size (2 MB), causing excessive CPU consumption and heap allocation on the server. Under concurrent exploitation, this leads to significant latency degradation, worker thread starvation, or out-of-memory termination, resulting in a denial of service.
Allocation of Resources Without Limits or Throttling
389-ds-base Heap Buffer Overflow in schema_attr_enum_callback
CVE-2025-14905
7.2 - High
- February 23, 2026
A flaw was found in the 389-ds-base server. A heap buffer overflow vulnerability exists in the `schema_attr_enum_callback` function within the `schema.c` file. This occurs because the code incorrectly calculates the buffer size by summing alias string lengths without accounting for additional formatting characters. When a large number of aliases are processed, this oversight can lead to a heap overflow, potentially allowing a remote attacker to cause a Denial of Service (DoS) or achieve Remote Code Execution (RCE).
Heap-based Buffer Overflow
389-ds-base LDAP DoS via Malformed Hash Login
CVE-2024-5953
5.7 - Medium
- June 18, 2024
A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server denial of service while attempting to log in with a user with a malformed hash in their password.
Improper Validation of Consistency within Input
389 DS LDAP Crafted Query DoS
CVE-2024-3657
7.5 - High
- May 28, 2024
A flaw was found in 389-ds-base. A specially-crafted LDAP query can potentially cause a failure on the directory server, leading to a denial of service
Improper Input Validation
389 DS LDAP Auth DoS via Malformed userPassword Mod
CVE-2024-2199
5.7 - Medium
- May 28, 2024
A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while modifying `userPassword` using malformed input.
Improper Input Validation
389 Directory Server DOS via Heap Overflow in log_entry_attr
CVE-2024-1062
5.5 - Medium
- February 12, 2024
A heap overflow flaw was found in 389-ds-base. This issue leads to a denial of service when writing a value larger than 256 chars in log_entry_attr.
Heap-based Buffer Overflow
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Red Hat Directory Server E4s or by Red Hat? Click the Watch button to subscribe.