CVE-2025-14905

Severity (Red Hat): medium
CVSS v3.1 Base Score: 7.2
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Published: February 23, 2026
Last Modified: February 23, 2026
Vendor: Red Hat

Description

A flaw was found in the 389-ds-base server. A heap buffer overflow exists in the `schema_attr_enum_callback` function in `schema.c`. The code calculates the output buffer size by summing the lengths of the alias strings alone, without accounting for the additional formatting characters emitted around each alias. When a large number of aliases is processed, the buffer is under-allocated and the write overflows the heap, potentially allowing a remote attacker to cause a Denial of Service (DoS) or achieve Remote Code Execution (RCE).
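The size miscalculation the description names is a general class of bug: the allocation counts the payload bytes but not the delimiters written around them, so the shortfall grows linearly with the number of items. The following C program is an added illustration of that class and is not code from 389-ds-base; the output shape `( 'alias1' 'alias2' )`, the function names and the sample aliases are all assumptions made for the example. It puts the undersized calculation beside the correct one and formats the list with bounded writes, so a miscount fails closed instead of overflowing.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical formatter (not 389-ds-base code). Assumed output shape:
 *   ( 'alias1' 'alias2' ... )
 * Each alias is wrapped in single quotes and followed by a space. */

/* Undersized calculation: sums only the alias text lengths plus a NUL.
 * This is the shape of the bug class described in the advisory. */
size_t naive_size(const char **aliases, size_t n) {
    size_t len = 0;
    for (size_t i = 0; i < n; i++)
        len += strlen(aliases[i]);
    return len + 1;
}

/* Correct calculation: per alias, opening quote + text + closing quote +
 * separating space (strlen + 3); plus "( " prefix (2), ")" suffix (1)
 * and the terminating NUL (1). */
size_t required_size(const char **aliases, size_t n) {
    size_t len = 2 + 1 + 1;
    for (size_t i = 0; i < n; i++)
        len += strlen(aliases[i]) + 3;
    return len;
}

/* Bytes the naive calculation is short by; grows with every alias. */
size_t size_deficit(const char **aliases, size_t n) {
    return required_size(aliases, n) - naive_size(aliases, n);
}

/* Formats the alias list into a freshly allocated buffer sized by
 * required_size(). All writes are bounded with snprintf, so even a
 * future miscount produces NULL rather than a heap overflow.
 * Caller frees the result. */
char *format_aliases(const char **aliases, size_t n) {
    size_t cap = required_size(aliases, n);
    char *buf = malloc(cap);
    if (buf == NULL)
        return NULL;
    size_t pos = 0;
    int w = snprintf(buf, cap, "( ");
    if (w < 0 || (size_t)w >= cap) { free(buf); return NULL; }
    pos += (size_t)w;
    for (size_t i = 0; i < n; i++) {
        w = snprintf(buf + pos, cap - pos, "'%s' ", aliases[i]);
        if (w < 0 || (size_t)w >= cap - pos) { free(buf); return NULL; }
        pos += (size_t)w;
    }
    w = snprintf(buf + pos, cap - pos, ")");
    if (w < 0 || (size_t)w >= cap - pos) { free(buf); return NULL; }
    return buf;
}

int main(void) {
    /* Constructed sample input for the illustration. */
    const char *aliases[] = { "cn", "commonName" };
    size_t n = sizeof(aliases) / sizeof(aliases[0]);

    printf("naive size    : %zu\n", naive_size(aliases, n));
    printf("required size : %zu\n", required_size(aliases, n));
    printf("deficit       : %zu bytes\n", size_deficit(aliases, n));

    char *out = format_aliases(aliases, n);
    if (out == NULL)
        return 1;
    printf("formatted     : %s\n", out);
    free(out);
    return 0;
}
```

For two short aliases the naive size is already nine bytes short; each additional alias adds three more bytes of shortfall, which is why the advisory singles out inputs with a large number of aliases. The defensive pattern is the one shown in `format_aliases`: derive the allocation from the same formatting rule the writer uses, and bound every write against the remaining capacity.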

CWE

CWE-122

Affected Products

Red Hat Directory Server 11
Red Hat Directory Server 12
Red Hat Directory Server 13
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 8
Red Hat Enterprise Linux 9
Red Hat Enterprise Linux 9.6 Extended Update Support
Red Hat Enterprise Linux 10
Red Hat Enterprise Linux 10.0 Extended Update Support

Fix Status

✅ Fix Available

References