389-ds-base Heap Buffer Overflow in schema_attr_enum_callback
CVE-2025-14905 Published on February 23, 2026

389-ds-base: 389-ds-base: remote code execution and denial of service via heap buffer overflow
A flaw was found in the 389-ds-base server. A heap buffer overflow vulnerability exists in the `schema_attr_enum_callback` function within the `schema.c` file. This occurs because the code incorrectly calculates the buffer size by summing alias string lengths without accounting for additional formatting characters. When a large number of aliases are processed, this oversight can lead to a heap overflow, potentially allowing a remote attacker to cause a Denial of Service (DoS) or achieve Remote Code Execution (RCE).

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD

Vulnerability Analysis

CVE-2025-14905 can be exploited with network access, and requires user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.

Attack Vector:

NETWORK

Attack Complexity:

LOW

Privileges Required:

HIGH

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

HIGH

Availability Impact:

HIGH

Timeline

2025-12-18

Reported to Red Hat.

2026-02-23

Made public. 67 days later.

Weakness Type

Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

Products Associated with CVE-2025-14905

Want to know whenever a new CVE is published for Red Hat products? stack.watch will email you.

Red Hat Directory Server

Red Hat Enterprise Linux (RHEL)

Red Hat Enterprise Linux Eus

Red Hat Rhel Eus

Red Hat Directory Server Eus

Red Hat Rhel Aus

Red Hat Directory Server E4s

Red Hat Rhel E4s

Red Hat Rhel Tus

Red Hat Rhel Els

Red Hat Rhel Eus Long Life

Affected Versions

Red Hat Directory Server 11.5 E4S for RHEL 8:

Version 8060020260303152239.0ca98e7e and below * is unaffected.

Red Hat Directory Server 11.7 E4S for RHEL 8:

Version 8080020260227193008.f969626e and below * is unaffected.

Red Hat Directory Server 11.9 for RHEL 8:

Version 8100020260312105752.37ed7c03 and below * is unaffected.

Red Hat Directory Server 12.2 E4S for RHEL 9:

Version 9020020260304180546.1674d574 and below * is unaffected.

Red Hat Directory Server 12.4 EUS for RHEL 9:

Version 9040020260225135630.1674d574 and below * is unaffected.

Red Hat Enterprise Linux 10:

Version 0:3.1.3-7.el10_1 and below * is unaffected.

Red Hat Enterprise Linux 10.0 Extended Update Support:

Version 0:3.0.6-17.el10_0 and below * is unaffected.

Red Hat Enterprise Linux 7 Extended Lifecycle Support:

Version 0:1.3.11.1-11.el7_9 and below * is unaffected.

Red Hat Enterprise Linux 8:

Version 8100020260312103235.25e700aa and below * is unaffected.

Red Hat Enterprise Linux 8.2 Advanced Update Support:

Version 8020020260303204738.dbc46ba7 and below * is unaffected.

Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support:

Version 8040020260303172348.96015a92 and below * is unaffected.

Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On:

Version 8040020260303172348.96015a92 and below * is unaffected.

Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support:

Version 8060020260303144613.824efc52 and below * is unaffected.

Red Hat Enterprise Linux 8.6 Telecommunications Update Service:

Version 8060020260303144613.824efc52 and below * is unaffected.

Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions:

Version 8060020260303144613.824efc52 and below * is unaffected.

Red Hat Enterprise Linux 8.8 Telecommunications Update Service:

Version 8080020260227183930.6dbb3803 and below * is unaffected.

Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions:

Version 8080020260227183930.6dbb3803 and below * is unaffected.

Red Hat Enterprise Linux 9:

Version 0:2.7.0-10.el9_7 and below * is unaffected.

Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions:

Version 0:2.0.14-5.el9_0 and below * is unaffected.

Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions:

Version 0:2.2.4-17.el9_2 and below * is unaffected.

Red Hat Enterprise Linux 9.4 Extended Update Support:

Version 0:2.4.5-24.el9_4 and below * is unaffected.

Red Hat Enterprise Linux 9.6 Extended Update Support:

Version 0:2.6.1-20.el9_6 and below * is unaffected.

Red Hat Directory Server 13.1:

Version sha256:5e49efa2b8764403fad13b81c968b76c7b6400fabd83bf95e2f7667b90e93ab5 and below * is unaffected.

Red Hat Directory Server 12: Red Hat Directory Server 13: Red Hat Enterprise Linux 6:

Exploit Probability

EPSS

0.47%

Percentile

64.41%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

389-ds-base Heap Buffer Overflow in schema_attr_enum_callbackCVE-2025-14905 Published on February 23, 2026

Vulnerability Analysis

Timeline

Weakness Type

Heap-based Buffer Overflow

Products Associated with CVE-2025-14905

Affected Versions

Exploit Probability

389-ds-base Heap Buffer Overflow in schema_attr_enum_callback
CVE-2025-14905 Published on February 23, 2026