CVE-2026-11610
Severity CVSS v4.0:
Pending analysis
Type:
CWE-122
Heap-based Buffer Overflow
Publication date:
07/07/2026
Last modified:
07/07/2026
Description
A heap buffer overflow flaw was found in the SASL I/O layer of 389 Directory Server<br />
(389-ds-base). After a successful SASL bind with integrity protection (SSF > 0),<br />
an authenticated attacker can send a specially crafted oversized LDAP UNBIND packet<br />
that is copied into a 512-byte heap receive buffer without a bounds check in<br />
sasl_io_recv() in sasl_io.c. This allows up to approximately 2 megabytes of<br />
attacker-controlled data to overflow the buffer, causing a denial of service (server<br />
crash). In FreeIPA and Red Hat Identity Management deployments, any domain user with<br />
a valid Kerberos ticket, any enrolled host, or any service account can trigger this<br />
vulnerability over the network after authenticating via GSSAPI.<br />
The vulnerable code path has existed since approximately 2013 (389-ds-base 1.3.2) and<br />
was not addressed by the CVE-2025-14905 fix, which patched a separate heap overflow<br />
in schema.c only.
Impact
Base Score 3.x
8.80
Severity 3.x
HIGH



