389 DS SMD5 Plugin UInt Underflow Buffer Over-read Crashes LDAP
CVE-2026-11789 Published on June 9, 2026

389-ds-base: 389-ds-base: smd5 password storage plugin salt length integer underflow crash
A flaw was found in 389 Directory Server. The SMD5 password storage plugin performs unsigned integer underflow when computing salt length from a crafted password hash shorter than 16 bytes, causing a buffer over-read that crashes the LDAP server during authentication.

NVD

Vulnerability Analysis

CVE-2026-11789 can be exploited with network access, and requires user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
HIGH
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
NONE
Integrity Impact:
NONE
Availability Impact:
HIGH

Timeline

Reported to Red Hat.

Made public.

Weakness Type

What is an Integer underflow Vulnerability?

The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result. This can happen in signed and unsigned cases.

CVE-2026-11789 has been classified to as an Integer underflow vulnerability or weakness.


Products Associated with CVE-2026-11789

stack.watch emails you whenever new vulnerabilities are published in Red Hat Directory Server or Red Hat Enterprise Linux (RHEL). Just hit a watch button to start following.

Red Hat Directory Server
 
Red Hat Enterprise Linux (RHEL)
 

Affected Versions

Red Hat Directory Server 11: Red Hat Directory Server 12: Red Hat Directory Server 13: Red Hat Enterprise Linux 10: Red Hat Enterprise Linux 6: Red Hat Enterprise Linux 7: Red Hat Enterprise Linux 8: Red Hat Enterprise Linux 9: