CVEFinder.io

CVE-2026-14940

đŸ”ļ medium
🔍 Scan for this CVE
Summary

A heap-buffer-overflow flaw was found in 389 Directory Server (389-ds-base). When normalizing a Distinguished Name (DN) that contains a legacy-quoted value encoding a multivalued nested Relative Distinguished Name (RDN), the server can write past the end of a heap allocation while sorting RDN attribute-value pairs. An unauthenticated remote attacker can trigger this condition by sending an LDAP operation whose DN reaches the DN normalization routine, such as a search with a crafted base DN. This

Description

A heap-buffer-overflow flaw was found in 389 Directory Server (389-ds-base). When
normalizing a Distinguished Name (DN) that contains a legacy-quoted value encoding a
multivalued nested Relative Distinguished Name (RDN), the server can write past the
end of a heap allocation while sorting RDN attribute-value pairs. An unauthenticated
remote attacker can trigger this condition by sending an LDAP operation whose DN
reaches the DN normalization routine, such as a search with a crafted base DN. This
can corrupt heap memory and may cause denial of service.

CVSS Score
5.3
Medium
EPSS Score
0.3
Exploit Probability
Published Date
2026-07-07
First Seen: 2026-07-08
📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 19.6% of all 335,187 vulnerabilities in our database.

#269,587
Below average severity
Severity Percentile
đŸŽ¯ CISA SSVC Assessment Updated: Jul 7, 2026
🔍 Exploitation Status
None
No known exploits
âš™ī¸ Automatable
YES
Can be exploited automatically
đŸ’Ĩ Technical Impact
Partial
Limited system impact
🏆 Discovered By
Red Hat would like to thank Denis Rastyogin (ALT Linux) for reporting this issue.
SSVC data provided by CISA
Last Modified 2026-07-09
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CWE IDs (Weakness Types)

đŸ“Ļ Affected Products 8

🔗 References 2

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-15041 â„šī¸ low 3.7 0.3 A flaw was found in 389 Directory Server. The PBKDF2-SHA256 password verification function uses standard memcmp() for co... 2026-07-08
CVE-2026-14969 đŸ”ļ medium 4.4 0.1 A flaw was found in 389-ds-base where the LDBM backend attribute encryption uses a hardcoded static initialization vecto... 2026-07-07
CVE-2026-58384 âš ī¸ high 7.3 0.2 A flaw was found in GIMP's PSD parser. An integer overflow in read_RLE_channel() can cause an undersized heap allocation... 2026-07-07
CVE-2026-58380 âš ī¸ high 7.3 0.2 A flaw was found in GIMP's PNM file format parser. When parsing a specially crafted PNM file, the pnmscanner_gettoken() ... 2026-07-06
CVE-2026-59089 đŸ”ļ medium 5.5 0.2 A flaw was found in GIMP. The PlayStation TIM loader, responsible for handling PlayStation image files, incorrectly calc... 2026-07-06
CVE-2026-12610 đŸ”ļ medium 6.4 0.2 A flaw was found in sssd. When authenticating with a YubiKey, the SSSD PAM responder can crash due to a use-after-free v... 2026-06-30
These CVEs affect the same products