EUVD-2026-36045

A heap buffer overflow flaw was found in 389 Directory Server. When serializing objectclass definitions, the ocsuperior SUP field length is omitted from buffer size calculations in readschemadse and schemaoctostring, but the field is still written via strcat. An attacker with Directory Manager...

PT-2026-48432

Name of the Vulnerable Software and Affected Versions 389 Directory Server affected versions not specified Description A heap buffer overflow occurs during the serialization of objectclass definitions. The length of the oc superior SUP field is omitted from buffer size calculations within the rea...

SUSE-SU-2026:1753-1 Security update for 389-ds

This update for 389-ds fixes the following issues: Update to version 2.0.20git89.937b1f291. Security issues fixed: - CVE-2025-14905: heap buffer overflow due to improper size calculation in schemaattrenumcallback callback bsc1258727. Other updates and bugfixes: - Issue 7224 - CI Test - Simplify...

Alibaba Cloud Linux 3 : 0072: 389-ds:1.4 (ALINUX3-SA-2026:0072)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2026:0072 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2025-14905: A flaw was found in the 389-ds-base...

Oracle Linux 7 : 389-ds-base (ELSA-2026-6220)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-6220 advisory. - Security fix for CVE-2025-14905 Orabug: 39146844 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note...

389-ds-3.1.4+e2562f589-1.1 on GA media (moderate)

389-ds-3.1.4+e2562f589-1.1 on GA media Announcement ID: openSUSE-SU-2026:10500-1 Rating: moderate Cross-References: CVE-2025-14905 CVSS scores: CVE-2025-14905 SUSE : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2025-14905 SUSE : 8.6...

Moderate: Red Hat Security Advisory: 389-ds:1.4 security update

An update for the 389-ds:1.4 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Moderate. A Commo...

RHEL 8 : 389-ds:1.4 (RHSA-2026:6268)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:6268 advisory. 389 Directory Server is an LDAP version 3 LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol LDAP server an...

RHEL 7 : 389-ds-base (RHSA-2026:6220)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:6220 advisory. 389 Directory Server is an LDAP version 3 LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol LDAP server an...

AlmaLinux 8 : 389-ds:1.4 (ALSA-2026:5513)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:5513 advisory. 389-ds-base: 389-ds-base: Remote Code Execution and Denial of Service via heap buffer overflow CVE-2025-14905 Tenable has extracted the preceding description block...

Moderate: Red Hat Security Advisory: 389-ds-base security update

An update for 389-ds-base is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

Moderate: Red Hat Security Advisory: 389-ds-base security update

An update for 389-ds-base is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

Moderate: Red Hat Security Advisory: redhat-ds:12 security update

An update for the redhat-ds:12 module is now available for Red Hat Directory Server 12.2 E4S for RHEL 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

Moderate: Red Hat Security Advisory: redhat-ds:11 security update

An update for the redhat-ds:11 module is now available for Red Hat Directory Server 11.7 E4S for RHEL 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

RHEL 8 : 389-ds:1.4 (RHSA-2026:5513)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:5513 advisory. 389 Directory Server is an LDAP version 3 LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol LDAP server an...

RHEL 8 : 389-ds:1.4 (RHSA-2026:5511)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:5511 advisory. 389 Directory Server is an LDAP version 3 LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol LDAP server an...

RHEL 9 : redhat-ds:12 (RHSA-2026:5569)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:5569 advisory. Red Hat Directory Server is an LDAPv3-compliant directory server. The suite of packages includes the Lightweight Directory Access Protocol LDAP serve...

Oracle Linux 8 : 389-ds:1.4 (ELSA-2026-5513)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-5513 advisory. - Resolves: RHEL-137074 - CVE-2025-14905 389-ds:1.4/389-ds-base: 389-ds-base: Remote Code Execution and Denial of Service via heap buffer overflow rhel-8.10.z...

RHEL 8 : 389-ds:1.4 (RHSA-2026:5576)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:5576 advisory. 389 Directory Server is an LDAP version 3 LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol LDAP server an...

RHEL 9 : 389-ds-base (RHSA-2026:5598)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:5598 advisory. 389 Directory Server is an LDAP version 3 LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol LDAP server an...