5 matches found
RockyLinux 8 : 389-ds:1.4 (RLSA-2026:26459)
The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:26459 advisory. 389-ds-base: 389-ds-base: unbounded LDAP controls count in getldapmessagecontrolsext causes CPU and heap amplification remote DoS CVE-2026-9064 Tenable has...
389-ds-base: 389-ds-base: unbounded LDAP controls count in get_ldapmessage_controls_ext() causes CPU and heap amplification (remote DoS)
A flaw was found in 389-ds-base. The getldapmessagecontrolsext function in the LDAP server does not enforce an upper bound on the number of controls per LDAP message. A remote, unauthenticated attacker can send a specially crafted LDAP request containing hundreds of thousands of minimal controls...
389-ds-base: 389-ds-base: unbounded LDAP controls count in get_ldapmessage_controls_ext() causes CPU and heap amplification (remote DoS)
A flaw was found in 389-ds-base. The getldapmessagecontrolsext function in the LDAP server does not enforce an upper bound on the number of controls per LDAP message. A remote, unauthenticated attacker can send a specially crafted LDAP request containing hundreds of thousands of minimal controls...
RHEL 8 : redhat-ds:11 (RHSA-2026:26461)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:26461 advisory. Red Hat Directory Server is an LDAPv3-compliant directory server. The suite of packages includes the Lightweight Directory Access Protocol LDAP...
SUSE SLES15 Security Update : 389-ds (SUSE-SU-2026:2316-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:2316-1 advisory. This update for 389-ds fixes the following issue - CVE-2026-9064: unbounded LDAP controls count in getldapmessagecontrolsext can lead to...