Heap Buffer Overflow in 389Directory Server DN Normalization
CVE-2026-14940 Published on July 7, 2026

389-ds-base: 389-ds-base: heap-buffer-overflow in dn normalization via quoted multivalued rdn
A heap-buffer-overflow flaw was found in 389 Directory Server (389-ds-base). When normalizing a Distinguished Name (DN) that contains a legacy-quoted value encoding a multivalued nested Relative Distinguished Name (RDN), the server can write past the end of a heap allocation while sorting RDN attribute-value pairs. An unauthenticated remote attacker can trigger this condition by sending an LDAP operation whose DN reaches the DN normalization routine, such as a search with a crafted base DN. This can corrupt heap memory and may cause denial of service.

NVD

Vulnerability Analysis

CVE-2026-14940 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a small impact on availability.

Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
NONE
Integrity Impact:
NONE
Availability Impact:
LOW

Timeline

Reported to Red Hat.

Made public. 35 days later.

Weakness Type

Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().


Products Associated with CVE-2026-14940

stack.watch emails you whenever new vulnerabilities are published in Red Hat Directory Server or Red Hat Enterprise Linux (RHEL). Just hit a watch button to start following.

 
 

Affected Versions

Red Hat Directory Server 11: Red Hat Directory Server 12: Red Hat Directory Server 13: Red Hat Enterprise Linux 10: Red Hat Enterprise Linux 6: Red Hat Enterprise Linux 7: Red Hat Enterprise Linux 8: Red Hat Enterprise Linux 9: