Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

CVE-2026-11610

Gravedad CVSS v3.1:
ALTA
Tipo:
CWE-122 Desbordamiento de búfer basado en memoria dinámica (Heap)
Fecha de publicación:
07/07/2026
Última modificación:
07/07/2026

Descripción

*** Pendiente de traducción *** A heap buffer overflow flaw was found in the SASL I/O layer of 389 Directory Server<br /> (389-ds-base). After a successful SASL bind with integrity protection (SSF &gt; 0),<br /> an authenticated attacker can send a specially crafted oversized LDAP UNBIND packet<br /> that is copied into a 512-byte heap receive buffer without a bounds check in<br /> sasl_io_recv() in sasl_io.c. This allows up to approximately 2 megabytes of<br /> attacker-controlled data to overflow the buffer, causing a denial of service (server<br /> crash). In FreeIPA and Red Hat Identity Management deployments, any domain user with<br /> a valid Kerberos ticket, any enrolled host, or any service account can trigger this<br /> vulnerability over the network after authenticating via GSSAPI.<br /> The vulnerable code path has existed since approximately 2013 (389-ds-base 1.3.2) and<br /> was not addressed by the CVE-2025-14905 fix, which patched a separate heap overflow<br /> in schema.c only.