CVE-2026-11884: Heap-based Buffer Overflow in Red Hat Red Hat Directory Server 11
CVE-2026-11884 is a heap-based buffer overflow vulnerability in Red Hat Directory Server 11. It occurs due to omission of the oc_superior (SUP) field length in buffer size calculations during objectclass serialization, while still writing the field via strcat(). An attacker with Directory Manager privileges or a compromised replication supplier can trigger a server crash by creating objectclasses with long SUP values. This issue is an incomplete fix variant of CVE-2025-14905. No patch or official remediation has been confirmed yet.
AI Analysis
Technical Summary
This vulnerability in Red Hat Directory Server 11 involves a heap buffer overflow caused by improper buffer size calculation when serializing objectclass definitions. Specifically, the oc_superior (SUP) field length is not accounted for in read_schema_dse() and schema_oc_to_string(), but the field is still concatenated into the buffer, leading to overflow. Exploitation requires Directory Manager privileges or a compromised replication supplier and results in a denial-of-service via server crash. This flaw is related to an incomplete fix of a previous vulnerability (CVE-2025-14905). The CVSS 3.1 base score is 6.5, reflecting medium severity with high impact on integrity and availability.
Potential Impact
Successful exploitation can cause a denial-of-service condition by crashing the server. The integrity of the directory server can also be impacted due to the ability to manipulate objectclass definitions. No confidentiality impact is indicated. The attack requires high privileges (Directory Manager) or a compromised replication supplier, limiting the attack surface.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory at https://access.redhat.com/security/cve/CVE-2026-11884 for current remediation guidance. No official fix or temporary workaround is currently documented. Until a patch is available, restrict Directory Manager privileges and monitor for suspicious activity involving objectclass modifications.
CVE-2026-11884: Heap-based Buffer Overflow in Red Hat Red Hat Directory Server 11
Description
CVE-2026-11884 is a heap-based buffer overflow vulnerability in Red Hat Directory Server 11. It occurs due to omission of the oc_superior (SUP) field length in buffer size calculations during objectclass serialization, while still writing the field via strcat(). An attacker with Directory Manager privileges or a compromised replication supplier can trigger a server crash by creating objectclasses with long SUP values. This issue is an incomplete fix variant of CVE-2025-14905. No patch or official remediation has been confirmed yet.
CVSS v3.1
Score 6.5medium
Affected software
cpe:/a:redhat:directory_server:11cpe:/a:redhat:directory_server:12cpe:/a:redhat:directory_server:13cpe:/o:redhat:enterprise_linux:10cpe:/o:redhat:enterprise_linux:6cpe:/o:redhat:enterprise_linux:7AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability in Red Hat Directory Server 11 involves a heap buffer overflow caused by improper buffer size calculation when serializing objectclass definitions. Specifically, the oc_superior (SUP) field length is not accounted for in read_schema_dse() and schema_oc_to_string(), but the field is still concatenated into the buffer, leading to overflow. Exploitation requires Directory Manager privileges or a compromised replication supplier and results in a denial-of-service via server crash. This flaw is related to an incomplete fix of a previous vulnerability (CVE-2025-14905). The CVSS 3.1 base score is 6.5, reflecting medium severity with high impact on integrity and availability.
Potential Impact
Successful exploitation can cause a denial-of-service condition by crashing the server. The integrity of the directory server can also be impacted due to the ability to manipulate objectclass definitions. No confidentiality impact is indicated. The attack requires high privileges (Directory Manager) or a compromised replication supplier, limiting the attack surface.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory at https://access.redhat.com/security/cve/CVE-2026-11884 for current remediation guidance. No official fix or temporary workaround is currently documented. Until a patch is available, restrict Directory Manager privileges and monitor for suspicious activity involving objectclass modifications.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- redhat
- Date Reserved
- 2026-06-10T13:55:27.884Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
- Vendor Advisory Urls
- [{"url":"https://access.redhat.com/security/cve/CVE-2026-11884","vendor":"Red Hat"}]
Threat ID: 6a29799fc9170919df2daec8
Added to database: 6/10/2026, 2:50:07 PM
Last enriched: 6/10/2026, 3:04:31 PM
Last updated: 6/10/2026, 3:52:37 PM
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.