CVE-2026-11610
Gravedad CVSS v3.1:
ALTA
Tipo:
CWE-122
Desbordamiento de búfer basado en memoria dinámica (Heap)
Fecha de publicación:
07/07/2026
Última modificación:
07/07/2026
Descripción
*** Pendiente de traducción *** A heap buffer overflow flaw was found in the SASL I/O layer of 389 Directory Server<br />
(389-ds-base). After a successful SASL bind with integrity protection (SSF > 0),<br />
an authenticated attacker can send a specially crafted oversized LDAP UNBIND packet<br />
that is copied into a 512-byte heap receive buffer without a bounds check in<br />
sasl_io_recv() in sasl_io.c. This allows up to approximately 2 megabytes of<br />
attacker-controlled data to overflow the buffer, causing a denial of service (server<br />
crash). In FreeIPA and Red Hat Identity Management deployments, any domain user with<br />
a valid Kerberos ticket, any enrolled host, or any service account can trigger this<br />
vulnerability over the network after authenticating via GSSAPI.<br />
The vulnerable code path has existed since approximately 2013 (389-ds-base 1.3.2) and<br />
was not addressed by the CVE-2025-14905 fix, which patched a separate heap overflow<br />
in schema.c only.
Impacto
Puntuación base 3.x
8.80
Gravedad 3.x
ALTA



