CVE-2026-11610

Severity CVSS v4.0:
Pending analysis
Type:
CWE-122 Heap-based Buffer Overflow
Publication date:
07/07/2026
Last modified:
07/07/2026

Description

A heap buffer overflow flaw was found in the SASL I/O layer of 389 Directory Server<br /> (389-ds-base). After a successful SASL bind with integrity protection (SSF &gt; 0),<br /> an authenticated attacker can send a specially crafted oversized LDAP UNBIND packet<br /> that is copied into a 512-byte heap receive buffer without a bounds check in<br /> sasl_io_recv() in sasl_io.c. This allows up to approximately 2 megabytes of<br /> attacker-controlled data to overflow the buffer, causing a denial of service (server<br /> crash). In FreeIPA and Red Hat Identity Management deployments, any domain user with<br /> a valid Kerberos ticket, any enrolled host, or any service account can trigger this<br /> vulnerability over the network after authenticating via GSSAPI.<br /> The vulnerable code path has existed since approximately 2013 (389-ds-base 1.3.2) and<br /> was not addressed by the CVE-2025-14905 fix, which patched a separate heap overflow<br /> in schema.c only.