CVE-2026-11884
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk28th percentile — higher than 28% of all known CVEs
Summary
A heap buffer overflow vulnerability was found in 389 Directory Server. When serializing objectclass definitions, the oc_superior (SUP) field length is omitted from buffer size calculations in read_schema_dse() and schema_oc_to_string(), but the field is still written via strcat(). An attacker with Directory Manager privileges or a compromised replication supplier can trigger a server crash by creating objectclasses with long SUP values. This is an incomplete fix variant of CVE-2025-14905.
Risk Assessment
The risk involves potential server crash caused by an attacker with Directory Manager privileges or a compromised replication supplier, leading to directory service disruption and possible availability loss.
Recommendation
It is recommended to immediately apply the official vendor patch for 389 Directory Server, restrict Directory Manager privileges, and monitor replication for unauthorized changes.
Original NVD description (English source)
A heap buffer overflow flaw was found in 389 Directory Server. When serializing objectclass definitions, the oc_superior (SUP) field length is omitted from buffer size calculations in read_schema_dse() and schema_oc_to_string(), but the field is still written via strcat(). An attacker with Directory Manager privileges, or a compromised replication supplier, can trigger a server crash by creating objectclasses with long SUP values. This is an incomplete fix variant of CVE-2025-14905.

