Fluid Attacks Database

Description

A flaw was found in the 389-ds-base server. A heap buffer overflow vulnerability exists in the schema_attr_enum_callback function within the schema.c file. This occurs because the code incorrectly calculates the buffer size by summing alias string lengths without accounting for additional formatting characters. When a large number of aliases are processed, this oversight can lead to a heap overflow, potentially allowing a remote attacker to cause a Denial of Service (DoS) or achieve Remote Code Execution (RCE).

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	389-ds-base	=1.4.4.11-2 \|\| =1.4.4.11-2+deb11u1 \|\| =1.4.4.16-1 \|\| =1.4.4.17-1 \|\| =2.0.11-1 \|\| =2.0.11-2 \|\| =2.0.14-1 \|\| =2.0.15-1 \|\| =2.0.15-1.1 \|\| =2.3.1+dfsg1-1 \|\| =2.3.1-1 \|\| =2.3.4+dfsg1-1 \|\| =2.3.4+dfsg1-1.1 \|\| =2.4.4+dfsg1-1 \|\| =2.4.4+dfsg1-3 \|\| =2.4.5+dfsg1-1 \|\| =3.0.2+dfsg1-1 \|\| =3.1.1+dfsg1-1 \|\| =3.1.1+dfsg1-2 \|\| =3.1.1+dfsg1-3 \|\| =3.1.2+dfsg1-1 \|\| =3.1.2+vendor1-1 \|\| =3.1.2+vendor1-2	-
debian 12	389-ds-base	=2.3.1+dfsg1-1 \|\| =2.3.1+dfsg1-1+deb12u1 \|\| =2.3.4+dfsg1-1 \|\| =2.3.4+dfsg1-1.1 \|\| =2.4.4+dfsg1-1 \|\| =2.4.4+dfsg1-3 \|\| =2.4.5+dfsg1-1 \|\| =3.0.2+dfsg1-1 \|\| =3.1.1+dfsg1-1 \|\| =3.1.1+dfsg1-2 \|\| =3.1.1+dfsg1-3 \|\| =3.1.2+dfsg1-1 \|\| =3.1.2+vendor1-1 \|\| =3.1.2+vendor1-2	-
debian 13	389-ds-base	=3.1.2+dfsg1-1 \|\| >=0 <3.1.2+dfsg1-1+deb13u1	3.1.2+dfsg1-1+deb13u1
rpm rhel6	389-ds-base	-	-
rpm rhel9	389-ds-base	<0:2.7.0-10.el9_7	0:2.7.0-10.el9_7
rpm rhel10	389-ds-base	<0:3.1.3-7.el10_1	0:3.1.3-7.el10_1
rpm rhel7	389-ds-base	-	-
rpm rhel10.0	389-ds-base	<0:3.0.6-17.el10_0	0:3.0.6-17.el10_0
rpm rhel9.6	389-ds-base	<0:2.6.1-20.el9_6	0:2.6.1-20.el9_6
rpm rhel9.4	389-ds-base	<0:2.4.5-24.el9_4	0:2.4.5-24.el9_4

Aliases

1. CVE-2025-149052. NVD-2025-149053. OSV-DEBIAN-2025-149054. OSV-2025-149055. SECURITY-TRACKER-CVE-2025-14905

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.