{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-14905", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2025-12-18T18:06:35.400Z", "datePublished": "2026-02-23T15:41:47.976Z", "dateUpdated": "2026-03-31T15:40:05.143Z"}, "containers": {"cna": {"title": "389-ds-base: 389-ds-base: remote code execution and denial of service via heap buffer overflow", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in the 389-ds-base server. A heap buffer overflow vulnerability exists in the `schema_attr_enum_callback` function within the `schema.c` file. This occurs because the code incorrectly calculates the buffer size by summing alias string lengths without accounting for additional formatting characters. When a large number of aliases are processed, this oversight can lead to a heap overflow, potentially allowing a remote attacker to cause a Denial of Service (DoS) or achieve Remote Code Execution (RCE)."}], "affected": [{"vendor": "Red Hat", "product": "Red Hat Directory Server 11.5 E4S for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "redhat-ds:11", "defaultStatus": "affected", "versions": [{"version": "8060020260303152239.0ca98e7e", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:directory_server_e4s:11.5::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Directory Server 11.7 E4S for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "redhat-ds:11", "defaultStatus": "affected", "versions": [{"version": "8080020260227193008.f969626e", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:directory_server_e4s:11.7::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Directory Server 11.9 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "redhat-ds:11", "defaultStatus": "affected", "versions": [{"version": "8100020260312105752.37ed7c03", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:directory_server:11.9::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Directory Server 12.2 E4S for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "redhat-ds:12", "defaultStatus": "affected", "versions": [{"version": "9020020260304180546.1674d574", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:directory_server_e4s:12.2::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Directory Server 12.4 EUS for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "redhat-ds:12", "defaultStatus": "affected", "versions": [{"version": "9040020260225135630.1674d574", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:directory_server_eus:12.4::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 10", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "389-ds-base", "defaultStatus": "affected", "versions": [{"version": "0:3.1.3-7.el10_1", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:enterprise_linux:10.1"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 10.0 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "389-ds-base", "defaultStatus": "affected", "versions": [{"version": "0:3.0.6-17.el10_0", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:enterprise_linux_eus:10.0"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "389-ds-base", "defaultStatus": "affected", "versions": [{"version": "0:1.3.11.1-11.el7_9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_els:7"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "389-ds:1.4", "defaultStatus": "affected", "versions": [{"version": "8100020260312103235.25e700aa", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:8::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "389-ds:1.4", "defaultStatus": "affected", "versions": [{"version": "8020020260303204738.dbc46ba7", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_aus:8.2::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "389-ds:1.4", "defaultStatus": "affected", "versions": [{"version": "8040020260303172348.96015a92", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_eus_long_life:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "389-ds:1.4", "defaultStatus": "affected", "versions": [{"version": "8040020260303172348.96015a92", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_eus_long_life:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "389-ds:1.4", "defaultStatus": "affected", "versions": [{"version": "8060020260303144613.824efc52", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_tus:8.6::appstream", "cpe:/a:redhat:rhel_aus:8.6::appstream", "cpe:/a:redhat:rhel_e4s:8.6::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "389-ds:1.4", "defaultStatus": "affected", "versions": [{"version": "8060020260303144613.824efc52", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_tus:8.6::appstream", "cpe:/a:redhat:rhel_aus:8.6::appstream", "cpe:/a:redhat:rhel_e4s:8.6::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "389-ds:1.4", "defaultStatus": "affected", "versions": [{"version": "8060020260303144613.824efc52", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_tus:8.6::appstream", "cpe:/a:redhat:rhel_aus:8.6::appstream", "cpe:/a:redhat:rhel_e4s:8.6::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "389-ds:1.4", "defaultStatus": "affected", "versions": [{"version": "8080020260227183930.6dbb3803", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_e4s:8.8::appstream", "cpe:/a:redhat:rhel_tus:8.8::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "389-ds:1.4", "defaultStatus": "affected", "versions": [{"version": "8080020260227183930.6dbb3803", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_e4s:8.8::appstream", "cpe:/a:redhat:rhel_tus:8.8::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "389-ds-base", "defaultStatus": "affected", "versions": [{"version": "0:2.7.0-10.el9_7", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/a:redhat:enterprise_linux:9::crb"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "389-ds-base", "defaultStatus": "affected", "versions": [{"version": "0:2.0.14-5.el9_0", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_e4s:9.0::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "389-ds-base", "defaultStatus": "affected", "versions": [{"version": "0:2.2.4-17.el9_2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_e4s:9.2::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.4 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "389-ds-base", "defaultStatus": "affected", "versions": [{"version": "0:2.4.5-24.el9_4", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_eus:9.4::appstream", "cpe:/a:redhat:rhel_eus:9.4::crb"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.6 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "389-ds-base", "defaultStatus": "affected", "versions": [{"version": "0:2.6.1-20.el9_6", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_eus:9.6::crb", "cpe:/a:redhat:rhel_eus:9.6::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Directory Server 13.1", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "dirsrv/dirsrv-container-rhel10", "defaultStatus": "affected", "versions": [{"version": "sha256:5e49efa2b8764403fad13b81c968b76c7b6400fabd83bf95e2f7667b90e93ab5", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:directory_server:13.1::el10"]}, {"vendor": "Red Hat", "product": "Red Hat Directory Server 12", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "redhat-ds:12/389-ds-base", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:directory_server:12"]}, {"vendor": "Red Hat", "product": "Red Hat Directory Server 13", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "389-ds-base", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:directory_server:13"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "389-ds-base", "defaultStatus": "unknown", "cpes": ["cpe:/o:redhat:enterprise_linux:6"]}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2026:3189", "name": "RHSA-2026:3189", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:3208", "name": "RHSA-2026:3208", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:3379", "name": "RHSA-2026:3379", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:3504", "name": "RHSA-2026:3504", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:4207", "name": "RHSA-2026:4207", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:4661", "name": "RHSA-2026:4661", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:4720", "name": "RHSA-2026:4720", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:5196", "name": "RHSA-2026:5196", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:5511", "name": "RHSA-2026:5511", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:5512", "name": "RHSA-2026:5512", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:5513", "name": "RHSA-2026:5513", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:5514", "name": "RHSA-2026:5514", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:5568", "name": "RHSA-2026:5568", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:5569", "name": "RHSA-2026:5569", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:5576", "name": "RHSA-2026:5576", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:5597", "name": "RHSA-2026:5597", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:5598", "name": "RHSA-2026:5598", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:6220", "name": "RHSA-2026:6220", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:6268", "name": "RHSA-2026:6268", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2025-14905", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423624", "name": "RHBZ#2423624", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2026-02-23T00:00:00.000Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-122", "description": "Heap-based Buffer Overflow", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-122: Heap-based Buffer Overflow", "workarounds": [{"lang": "en", "value": "Restrict network access to the 389-ds-base server to only trusted hosts and networks using firewall rules. Additionally, ensure that administrative access to the server is strictly limited to authorized personnel with strong authentication, as exploitation requires high privileges. This reduces the attack surface and the likelihood of an attacker gaining the necessary privileges to trigger the heap overflow."}], "timeline": [{"lang": "en", "time": "2025-12-18T18:04:56.621Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-02-23T00:00:00.000Z", "value": "Made public."}], "credits": [{"lang": "en", "value": "This issue was discovered by Red Hat Security Research Team (Red Hat Inc.)."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-03-31T15:40:05.143Z"}, "x_generator": {"engine": "cvelib 1.8.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-23T18:49:43.028074Z", "id": "CVE-2025-14905", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-23T18:54:27.128Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-14905", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-23T18:49:43.028074Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-23T18:54:18.796Z"}}], "cna": {"title": "389-ds-base: 389-ds-base: remote code execution and denial of service via heap buffer overflow", "credits": [{"lang": "en", "value": "This issue was discovered by Red Hat Security Research Team (Red Hat Inc.)."}], "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}], "affected": [{"cpes": ["cpe:/a:redhat:directory_server_e4s:11.5::el8"], "vendor": "Red Hat", "product": "Red Hat Directory Server 11.5 E4S for RHEL 8", "versions": [{"status": "unaffected", "version": "8060020260303152239.0ca98e7e", "lessThan": "*", "versionType": "rpm"}], "packageName": "redhat-ds:11", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:directory_server_e4s:11.7::el8"], "vendor": "Red Hat", "product": "Red Hat Directory Server 11.7 E4S for RHEL 8", "versions": [{"status": "unaffected", "version": "8080020260227193008.f969626e", "lessThan": "*", "versionType": "rpm"}], "packageName": "redhat-ds:11", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:directory_server:11.9::el8"], "vendor": "Red Hat", "product": "Red Hat Directory Server 11.9 for RHEL 8", "versions": [{"status": "unaffected", "version": "8100020260312105752.37ed7c03", "lessThan": "*", "versionType": "rpm"}], "packageName": "redhat-ds:11", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:directory_server_e4s:12.2::el9"], "vendor": "Red Hat", "product": "Red Hat Directory Server 12.2 E4S for RHEL 9", "versions": [{"status": "unaffected", "version": "9020020260304180546.1674d574", "lessThan": "*", "versionType": "rpm"}], "packageName": "redhat-ds:12", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:directory_server_eus:12.4::el9"], "vendor": "Red Hat", "product": "Red Hat Directory Server 12.4 EUS for RHEL 9", "versions": [{"status": "unaffected", "version": "9040020260225135630.1674d574", "lessThan": "*", "versionType": "rpm"}], "packageName": "redhat-ds:12", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:10.1"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 10", "versions": [{"status": "unaffected", "version": "0:3.1.3-7.el10_1", "lessThan": "*", "versionType": "rpm"}], "packageName": "389-ds-base", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux_eus:10.0"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 10.0 Extended Update Support", "versions": [{"status": "unaffected", "version": "0:3.0.6-17.el10_0", "lessThan": "*", "versionType": "rpm"}], "packageName": "389-ds-base", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:rhel_els:7"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support", "versions": [{"status": "unaffected", "version": "0:1.3.11.1-11.el7_9", "lessThan": "*", "versionType": "rpm"}], "packageName": "389-ds-base", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:enterprise_linux:8::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "versions": [{"status": "unaffected", "version": "8100020260312103235.25e700aa", "lessThan": "*", "versionType": "rpm"}], "packageName": "389-ds:1.4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_aus:8.2::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "versions": [{"status": "unaffected", "version": "8020020260303204738.dbc46ba7", "lessThan": "*", "versionType": "rpm"}], "packageName": "389-ds:1.4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_eus_long_life:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "versions": [{"status": "unaffected", "version": "8040020260303172348.96015a92", "lessThan": "*", "versionType": "rpm"}], "packageName": "389-ds:1.4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_eus_long_life:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On", "versions": [{"status": "unaffected", "version": "8040020260303172348.96015a92", "lessThan": "*", "versionType": "rpm"}], "packageName": "389-ds:1.4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_tus:8.6::appstream", "cpe:/a:redhat:rhel_aus:8.6::appstream", "cpe:/a:redhat:rhel_e4s:8.6::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "versions": [{"status": "unaffected", "version": "8060020260303144613.824efc52", "lessThan": "*", "versionType": "rpm"}], "packageName": "389-ds:1.4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_tus:8.6::appstream", "cpe:/a:redhat:rhel_aus:8.6::appstream", "cpe:/a:redhat:rhel_e4s:8.6::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "versions": [{"status": "unaffected", "version": "8060020260303144613.824efc52", "lessThan": "*", "versionType": "rpm"}], "packageName": "389-ds:1.4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_tus:8.6::appstream", "cpe:/a:redhat:rhel_aus:8.6::appstream", "cpe:/a:redhat:rhel_e4s:8.6::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "versions": [{"status": "unaffected", "version": "8060020260303144613.824efc52", "lessThan": "*", "versionType": "rpm"}], "packageName": "389-ds:1.4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_e4s:8.8::appstream", "cpe:/a:redhat:rhel_tus:8.8::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service", "versions": [{"status": "unaffected", "version": "8080020260227183930.6dbb3803", "lessThan": "*", "versionType": "rpm"}], "packageName": "389-ds:1.4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_e4s:8.8::appstream", "cpe:/a:redhat:rhel_tus:8.8::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions", "versions": [{"status": "unaffected", "version": "8080020260227183930.6dbb3803", "lessThan": "*", "versionType": "rpm"}], "packageName": "389-ds:1.4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/a:redhat:enterprise_linux:9::crb"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "versions": [{"status": "unaffected", "version": "0:2.7.0-10.el9_7", "lessThan": "*", "versionType": "rpm"}], "packageName": "389-ds-base", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_e4s:9.0::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "versions": [{"status": "unaffected", "version": "0:2.0.14-5.el9_0", "lessThan": "*", "versionType": "rpm"}], "packageName": "389-ds-base", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_e4s:9.2::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions", "versions": [{"status": "unaffected", "version": "0:2.2.4-17.el9_2", "lessThan": "*", "versionType": "rpm"}], "packageName": "389-ds-base", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_eus:9.4::appstream", "cpe:/a:redhat:rhel_eus:9.4::crb"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.4 Extended Update Support", "versions": [{"status": "unaffected", "version": "0:2.4.5-24.el9_4", "lessThan": "*", "versionType": "rpm"}], "packageName": "389-ds-base", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_eus:9.6::crb", "cpe:/a:redhat:rhel_eus:9.6::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.6 Extended Update Support", "versions": [{"status": "unaffected", "version": "0:2.6.1-20.el9_6", "lessThan": "*", "versionType": "rpm"}], "packageName": "389-ds-base", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:directory_server:13.1::el10"], "vendor": "Red Hat", "product": "Red Hat Directory Server 13.1", "versions": [{"status": "unaffected", "version": "sha256:5e49efa2b8764403fad13b81c968b76c7b6400fabd83bf95e2f7667b90e93ab5", "lessThan": "*", "versionType": "rpm"}], "packageName": "dirsrv/dirsrv-container-rhel10", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:directory_server:12"], "vendor": "Red Hat", "product": "Red Hat Directory Server 12", "packageName": "redhat-ds:12/389-ds-base", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:directory_server:13"], "vendor": "Red Hat", "product": "Red Hat Directory Server 13", "packageName": "389-ds-base", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:6"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "packageName": "389-ds-base", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unknown"}], "timeline": [{"lang": "en", "time": "2025-12-18T18:04:56.621Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-02-23T00:00:00.000Z", "value": "Made public."}], "datePublic": "2026-02-23T00:00:00.000Z", "references": [{"url": "https://access.redhat.com/errata/RHSA-2026:3189", "name": "RHSA-2026:3189", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:3208", "name": "RHSA-2026:3208", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:3379", "name": "RHSA-2026:3379", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:3504", "name": "RHSA-2026:3504", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:4207", "name": "RHSA-2026:4207", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:4661", "name": "RHSA-2026:4661", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:4720", "name": "RHSA-2026:4720", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:5196", "name": "RHSA-2026:5196", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:5511", "name": "RHSA-2026:5511", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:5512", "name": "RHSA-2026:5512", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:5513", "name": "RHSA-2026:5513", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:5514", "name": "RHSA-2026:5514", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:5568", "name": "RHSA-2026:5568", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:5569", "name": "RHSA-2026:5569", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:5576", "name": "RHSA-2026:5576", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:5597", "name": "RHSA-2026:5597", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:5598", "name": "RHSA-2026:5598", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:6220", "name": "RHSA-2026:6220", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:6268", "name": "RHSA-2026:6268", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2025-14905", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423624", "name": "RHBZ#2423624", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "workarounds": [{"lang": "en", "value": "Restrict network access to the 389-ds-base server to only trusted hosts and networks using firewall rules. Additionally, ensure that administrative access to the server is strictly limited to authorized personnel with strong authentication, as exploitation requires high privileges. This reduces the attack surface and the likelihood of an attacker gaining the necessary privileges to trigger the heap overflow."}], "x_generator": {"engine": "cvelib 1.8.0"}, "descriptions": [{"lang": "en", "value": "A flaw was found in the 389-ds-base server. A heap buffer overflow vulnerability exists in the `schema_attr_enum_callback` function within the `schema.c` file. This occurs because the code incorrectly calculates the buffer size by summing alias string lengths without accounting for additional formatting characters. When a large number of aliases are processed, this oversight can lead to a heap overflow, potentially allowing a remote attacker to cause a Denial of Service (DoS) or achieve Remote Code Execution (RCE)."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-122", "description": "Heap-based Buffer Overflow"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-03-31T15:40:05.143Z"}, "x_redhatCweChain": "CWE-122: Heap-based Buffer Overflow"}}, "cveMetadata": {"cveId": "CVE-2025-14905", "state": "PUBLISHED", "dateUpdated": "2026-03-31T15:40:05.143Z", "dateReserved": "2025-12-18T18:06:35.400Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2026-02-23T15:41:47.976Z", "assignerShortName": "redhat"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in the 389-ds-base server. A heap buffer overflow vulnerability exists in the `schema_attr_enum_callback` function within the `schema.c` file. This occurs because the code incorrectly calculates the buffer size by summing alias string lengths without accounting for additional formatting characters. When a large number of aliases are processed, this oversight can lead to a heap overflow, potentially allowing a remote attacker to cause a Denial of Service (DoS) or achieve Remote Code Execution (RCE)."}, {"lang": "es", "value": "Se encontr\u00f3 un defecto en el servidor 389-ds-base. Existe una vulnerabilidad de desbordamiento de b\u00fafer de mont\u00edculo en la funci\u00f3n 'schema_attr_enum_callback' dentro del archivo 'schema.c'. Esto ocurre porque el c\u00f3digo calcula incorrectamente el tama\u00f1o del b\u00fafer al sumar las longitudes de las cadenas de alias sin tener en cuenta los caracteres de formato adicionales. Cuando se procesa un gran n\u00famero de alias, este descuido puede conducir a un desbordamiento de mont\u00edculo, lo que podr\u00eda permitir a un atacante remoto causar una denegaci\u00f3n de servicio (DoS) o lograr ejecuci\u00f3n remota de c\u00f3digo (RCE)."}], "id": "CVE-2025-14905", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2026-02-23T16:29:35.620", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2026:3189"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2026:3208"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2026:3379"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2026:3504"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2026:4207"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2026:4661"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2026:4720"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2026:5196"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2026:5511"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2026:5512"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2026:5513"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2026:5514"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2026:5568"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2026:5569"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2026:5576"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2026:5597"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2026:5598"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2026:6220"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2026:6268"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/security/cve/CVE-2025-14905"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423624"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-122"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"acknowledgement": "This issue was discovered by Red Hat Security Research Team (Red Hat Inc.).", "bugzilla": {"description": "389-ds-base: 389-ds-base: Remote Code Execution and Denial of Service via heap buffer overflow", "id": "2423624", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423624"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.2", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-122", "details": ["A flaw was found in the 389-ds-base server. A heap buffer overflow vulnerability exists in the `schema_attr_enum_callback` function within the `schema.c` file. This occurs because the code incorrectly calculates the buffer size by summing alias string lengths without accounting for additional formatting characters. When a large number of aliases are processed, this oversight can lead to a heap overflow, potentially allowing a remote attacker to cause a Denial of Service (DoS) or achieve Remote Code Execution (RCE)."], "mitigation": {"lang": "en:us", "value": "Restrict network access to the 389-ds-base server to only trusted hosts and networks using firewall rules. Additionally, ensure that administrative access to the server is strictly limited to authorized personnel with strong authentication, as exploitation requires high privileges. This reduces the attack surface and the likelihood of an attacker gaining the necessary privileges to trigger the heap overflow."}, "name": "CVE-2025-14905", "package_state": [{"cpe": "cpe:/a:redhat:directory_server:11", "fix_state": "Affected", "package_name": "redhat-ds:11/389-ds-base", "product_name": "Red Hat Directory Server 11"}, {"cpe": "cpe:/a:redhat:directory_server:12", "fix_state": "Affected", "package_name": "redhat-ds:12/389-ds-base", "product_name": "Red Hat Directory Server 12"}, {"cpe": "cpe:/a:redhat:directory_server:13", "fix_state": "Will not fix", "package_name": "389-ds-base", "product_name": "Red Hat Directory Server 13"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "389-ds-base", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "389-ds-base", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "389-ds-base", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "389-ds:1.4/389-ds-base", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "389-ds-base", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-02-23T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-14905\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-14905"], "statement": "This vulnerability is rated Moderate for Red Hat Directory Server. A heap buffer overflow in the `389-ds-base` component can lead to a denial of service or potential remote code execution. Exploitation requires high privileges on the Directory Server, limiting the attack surface to authenticated administrative users.", "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": null}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "Red Hat Enterprise Linux 10", "source": "cna", "vendor": "Red Hat"}, "product": "enterprise_linux", "vendor": "redhat"}, {"configurations": [{"platform": null, "status": "affected", "versions": null}], "enrichment": {"confidence": 92.0, "confidence_source": "matching", "scores": [{"score": 92.0, "source": "matching"}]}, "original": {"product": "Red Hat Directory Server 11", "source": "cna", "vendor": "Red Hat"}, "product": "redhat_directory_server", "vendor": "redhat"}], "created": "2026-02-24T09:55:35.453632+00:00", "updated": "2026-02-24T09:55:35.453729+00:00", "vendors": ["redhat", "redhat$PRODUCT$enterprise_linux", "redhat$PRODUCT$redhat_directory_server"]}