CVE-2026-14940 in 389 Directory Serverinfo

Summary

by MITRE • 07/07/2026

A heap-buffer-overflow flaw was found in 389 Directory Server (389-ds-base). When normalizing a Distinguished Name (DN) that contains a legacy-quoted value encoding a multivalued nested Relative Distinguished Name (RDN), the server can write past the end of a heap allocation while sorting RDN attribute-value pairs. An unauthenticated remote attacker can trigger this condition by sending an LDAP operation whose DN reaches the DN normalization routine, such as a search with a crafted base DN. This can corrupt heap memory and may cause denial of service.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Analysis

by VulDB Data Team • 07/07/2026

This vulnerability resides in the 389 Directory Server implementation where a heap-buffer-overflow condition occurs during distinguished name normalization processes. The flaw specifically manifests when processing Distinguished Names containing legacy-quoted values that encode multivalued nested Relative Distinguished Names, representing a complex interaction between LDAP directory operations and memory management within the server's core processing routines.

The technical execution involves a buffer overflow scenario where the server's DN normalization routine attempts to sort RDN attribute-value pairs beyond allocated heap boundaries. This occurs during the parsing of legacy-quoted value encodings that contain nested multivalued structures, creating an unpredictable memory corruption pattern that can overwrite adjacent heap allocations. The vulnerability operates at the intersection of LDAP protocol handling and memory safety mechanisms, leveraging the server's internal DN processing logic to achieve memory corruption.

The operational impact of this vulnerability allows unauthenticated remote attackers to trigger denial of service conditions through carefully crafted LDAP search operations with specific base DNs. The attacker need only send a single malformed LDAP request to potentially corrupt heap memory, causing the directory server to crash or become unresponsive. This represents a critical security risk for directory services that rely on 389-ds-base, as it enables remote disruption of authentication and authorization services without requiring any credentials or privileged access.

This vulnerability aligns with CWE-121 heap-based buffer overflow classifications and maps to ATT&CK technique T1499.004 for network denial of service attacks. The flaw demonstrates poor input validation in the LDAP DN normalization process, specifically within the RDN sorting functionality that fails to properly bounds-check memory allocations when handling complex nested value structures. Organizations utilizing 389 Directory Server should implement immediate mitigations including version updates, input validation restrictions, and monitoring for anomalous LDAP traffic patterns that might indicate exploitation attempts.

The memory corruption potential extends beyond simple denial of service to include possible information disclosure or arbitrary code execution if the overflow can be carefully controlled by an attacker. This makes the vulnerability particularly dangerous in environments where directory servers handle sensitive authentication data or serve as critical infrastructure components for enterprise security systems. Security teams should prioritize patching this vulnerability and implement network-level controls to restrict LDAP traffic until proper updates are deployed across all affected systems.

The root cause stems from insufficient bounds checking during DN normalization operations, particularly when processing legacy quoted value encodings that contain multivalued nested RDN structures. This represents a classic memory safety issue where heap allocation assumptions fail during complex data processing scenarios involving nested structures and legacy encoding formats typical in directory service implementations. The vulnerability highlights the importance of robust input validation and memory management practices in enterprise directory services that handle diverse LDAP protocol operations from untrusted network sources.

Responsible

Redhat

Reservation

07/07/2026

Disclosure

07/07/2026

Moderation

accepted

CPE

ready

EPSS

0.00000

KEV

no

Activities

very low

Sources

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!