CVE-2025-14905

A flaw was found in the 389-ds-base server. A heap buffer overflow vulnerability exists in the `schema_attr_enum_callback` function within the `schema.c` file. This occurs because the code incorrectly calculates the buffer size by summing alias string lengths without accounting for additional formatting characters. When a large number of aliases are processed, this oversight can lead to a heap overflow, potentially allowing a remote attacker to cause a Denial of Service (DoS) or achieve Remote Code Execution (RCE).

CVSS v3 7.2 HIGH

7.2^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/errata/RHSA-2026:3189
https://access.redhat.com/errata/RHSA-2026:3208
https://access.redhat.com/errata/RHSA-2026:3379
https://access.redhat.com/errata/RHSA-2026:3504
https://access.redhat.com/errata/RHSA-2026:4207
https://access.redhat.com/errata/RHSA-2026:4661
https://access.redhat.com/errata/RHSA-2026:4720
https://access.redhat.com/errata/RHSA-2026:5196
https://access.redhat.com/errata/RHSA-2026:5511
https://access.redhat.com/errata/RHSA-2026:5512
https://access.redhat.com/errata/RHSA-2026:5513
https://access.redhat.com/errata/RHSA-2026:5514
https://access.redhat.com/errata/RHSA-2026:5568
https://access.redhat.com/errata/RHSA-2026:5569
https://access.redhat.com/errata/RHSA-2026:5576
https://access.redhat.com/errata/RHSA-2026:5597
https://access.redhat.com/errata/RHSA-2026:5598
https://access.redhat.com/security/cve/CVE-2025-14905
https://bugzilla.redhat.com/show_bug.cgi?id=2423624

Configurations

No configuration.

History

No history.

Information

Published : 2026-02-23 16:29

Updated : 2026-03-24 11:16

NVD link : CVE-2025-14905

Mitre link : CVE-2025-14905

CVE.ORG link : CVE-2025-14905

JSON object : View

Products Affected

No product.

CWE

CWE-122

Heap-based Buffer Overflow

{"id": "CVE-2025-14905", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2026-02-23T16:29:35.620", "references": [{"url": "https://access.redhat.com/errata/RHSA-2026:3189", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:3208", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:3379", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:3504", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:4207", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:4661", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:4720", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:5196", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:5511", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:5512", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:5513", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:5514", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:5568", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:5569", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:5576", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:5597", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:5598", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/security/cve/CVE-2025-14905", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423624", "source": "secalert@redhat.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-122"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in the 389-ds-base server. A heap buffer overflow vulnerability exists in the `schema_attr_enum_callback` function within the `schema.c` file. This occurs because the code incorrectly calculates the buffer size by summing alias string lengths without accounting for additional formatting characters. When a large number of aliases are processed, this oversight can lead to a heap overflow, potentially allowing a remote attacker to cause a Denial of Service (DoS) or achieve Remote Code Execution (RCE)."}, {"lang": "es", "value": "Se encontr\u00f3 un defecto en el servidor 389-ds-base. Existe una vulnerabilidad de desbordamiento de b\u00fafer de mont\u00edculo en la funci\u00f3n 'schema_attr_enum_callback' dentro del archivo 'schema.c'. Esto ocurre porque el c\u00f3digo calcula incorrectamente el tama\u00f1o del b\u00fafer al sumar las longitudes de las cadenas de alias sin tener en cuenta los caracteres de formato adicionales. Cuando se procesa un gran n\u00famero de alias, este descuido puede conducir a un desbordamiento de mont\u00edculo, lo que podr\u00eda permitir a un atacante remoto causar una denegaci\u00f3n de servicio (DoS) o lograr ejecuci\u00f3n remota de c\u00f3digo (RCE)."}], "lastModified": "2026-03-24T11:16:22.157", "sourceIdentifier": "secalert@redhat.com"}