CVE-2025-14905

A flaw was found in the 389-ds-base server. A heap buffer overflow vulnerability exists in the `schema_attr_enum_callback` function within the `schema.c` file. This occurs because the code incorrectly calculates the buffer size by summing alias string lengths without accounting for additional formatting characters. When a large number of aliases are processed, this oversight can lead to a heap overflow, potentially allowing a remote attacker to cause a Denial of Service (DoS) or achieve Remote Code Execution (RCE).

CVSS v3 7.2 HIGH

7.2^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/errata/RHSA-2026:3189
https://access.redhat.com/errata/RHSA-2026:3208
https://access.redhat.com/errata/RHSA-2026:3379
https://access.redhat.com/errata/RHSA-2026:3504
https://access.redhat.com/errata/RHSA-2026:4207
https://access.redhat.com/security/cve/CVE-2025-14905
https://bugzilla.redhat.com/show_bug.cgi?id=2423624

Configurations

No configuration.

History

10 Mar 2026, 22:16

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2026:4207 -

02 Mar 2026, 07:16

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2026:3504 -

25 Feb 2026, 21:16

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2026:3379 -

25 Feb 2026, 00:16

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2026:3208 -
Summary		(es) Se encontró un defecto en el servidor 389-ds-base. Existe una vulnerabilidad de desbordamiento de búfer de montículo en la función 'schema_attr_enum_callback' dentro del archivo 'schema.c'. Esto ocurre porque el código calcula incorrectamente el tamaño del búfer al sumar las longitudes de las cadenas de alias sin tener en cuenta los caracteres de formato adicionales. Cuando se procesa un gran número de alias, este descuido puede conducir a un desbordamiento de montículo, lo que podría permitir a un atacante remoto causar una denegación de servicio (DoS) o lograr ejecución remota de código (RCE).

24 Feb 2026, 12:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2026:3189 -

23 Feb 2026, 16:29

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-23 16:29

Updated : 2026-03-10 22:16

NVD link : CVE-2025-14905

Mitre link : CVE-2025-14905

CVE.ORG link : CVE-2025-14905

JSON object : View

Products Affected

No product.

CWE

CWE-122

Heap-based Buffer Overflow

7.2 /10