CVE-2026-11793 vulnerability in Red Hat Products
Published on June 9, 2026
389-ds-base: 389-ds-base: stack buffer overflow in checkprefix() algorithm id parsing
A stack buffer overflow flaw was found in 389 Directory Server. The checkPrefix() function in pw.c copies an attacker-controlled algorithm ID into a 256-byte stack buffer without bounds checking when parsing reversible-encrypted attribute values. An attacker with Directory Manager privileges can crash the LDAP server by storing a crafted credential with an oversized algorithm ID. FORTIFY_SOURCE mitigates this to denial of service only.
Vulnerability Analysis
CVE-2026-11793 can be exploited with network access, and requires user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.
Timeline
Reported to Red Hat.
Made public.
Weakness Type
What is a Stack Overflow Vulnerability?
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
CVE-2026-11793 has been classified to as a Stack Overflow vulnerability or weakness.
Products Associated with CVE-2026-11793
stack.watch emails you whenever new vulnerabilities are published in Red Hat Directory Server or Red Hat Enterprise Linux (RHEL). Just hit a watch button to start following.