PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-14940 Red Hat CVE debrief

A heap-buffer-overflow flaw was found in 389 Directory Server (389-ds-base). When normalizing a Distinguished Name (DN) that contains a legacy-quoted value encoding a multivalued nested Relative Distinguished Name (RDN), the server can write past the end of a heap allocation while sorting RDN attribute-value pairs. An unauthenticated remote attacker can trigger this condition by sending an LDAP operation whose DN reaches the DN normalization routine, such as a search with a crafted base DN. This can corrupt heap memory and may cause denial of service. The vulnerability has a CVSS score of 5.3 and is considered Medium severity.

Vendor
Red Hat
Product
Red Hat Directory Server 11
CVSS
MEDIUM 5.3
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-07
Original CVE updated
2026-07-07
Advisory published
2026-07-07
Advisory updated
2026-07-07

Who should care

Users of 389 Directory Server (389-ds-base) should be aware of this vulnerability and take steps to mitigate it, as an unauthenticated remote attacker can exploit it to cause denial of service. Affected operators, platform administrators, vulnerability management teams, and security teams should review the vulnerability details and take necessary actions to protect their systems.

Technical summary

The vulnerability is caused by a heap-buffer-overflow flaw in the DN normalization routine of 389 Directory Server (389-ds-base). When a DN with a legacy-quoted value encoding a multivalued nested RDN is normalized, the server can write past the end of a heap allocation while sorting RDN attribute-value pairs. This can be triggered by an unauthenticated remote attacker sending an LDAP operation with a crafted base DN. The vulnerability affects 389 Directory Server (389-ds-base) and can cause denial of service.

Defensive priority

Medium priority should be given to patching this vulnerability, as it can be exploited by an unauthenticated remote attacker to cause denial of service.

Recommended defensive actions

  • Apply the vendor patch as soon as possible
  • Restrict access to the 389 Directory Server (389-ds-base) to only trusted users and networks
  • Monitor the server for suspicious activity and implement additional security measures to detect and prevent potential attacks
  • Review compensating controls for exposed systems while remediation is scheduled and verified
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up

Evidence notes

The CVE record was published on 2026-07-07T15:16:43.193Z and has not been modified since then. The NVD entry is currently 5.3 (Medium). Evidence is limited to public sources and may not reflect the full scope or impact of this vulnerability. Defenders should verify affected deployments and review vendor advisories for specific guidance. Additional information may be needed to fully understand the vulnerability's impact.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-07T15:16:43.193Z and has not been modified since then.