CVE-2025-14905
Received Received - Intake
Heap Buffer Overflow in 389-ds-base Enables Remote Code Execution

Publication date: 2026-02-23

Last updated on: 2026-03-31

Assigner: Red Hat, Inc.

Description
A flaw was found in the 389-ds-base server. A heap buffer overflow vulnerability exists in the `schema_attr_enum_callback` function within the `schema.c` file. This occurs because the code incorrectly calculates the buffer size by summing alias string lengths without accounting for additional formatting characters. When a large number of aliases are processed, this oversight can lead to a heap overflow, potentially allowing a remote attacker to cause a Denial of Service (DoS) or achieve Remote Code Execution (RCE).
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-23
Last Modified
2026-03-31
Generated
2026-06-16
AI Q&A
2026-02-23
EPSS Evaluated
2026-06-15
NVD
CVE-2025-14905
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
redhat 389-ds-base *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-122 A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-14905 is a heap buffer overflow vulnerability found in the 389-ds-base server, specifically in the schema_attr_enum_callback function within the schema.c file.

The vulnerability occurs because the code calculates the buffer size by summing the lengths of alias strings but fails to account for additional formatting characters added during printing.

A static buffer size of 256 bytes is used to accommodate this overhead, but when a large number of aliases are processed, the extra 3 bytes per alias exceed this margin, causing a heap overflow.

This flaw can be exploited by a remote attacker to cause a Denial of Service (DoS) or potentially achieve Remote Code Execution (RCE).

Impact Analysis

This vulnerability can impact you by allowing a remote attacker to exploit the heap buffer overflow to cause a Denial of Service (DoS), making the affected service unavailable.

More severely, the attacker may achieve Remote Code Execution (RCE), which could allow them to execute arbitrary code on the affected system with the privileges of the 389-ds-base server.

Such impacts can lead to system compromise, data breaches, or disruption of services relying on the 389-ds-base server.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

The vulnerability affects all Linux systems running the affected versions of the 389-ds-base server. Immediate mitigation involves updating or patching the 389-ds-base package to a version where this heap buffer overflow issue in the schema_attr_enum_callback function has been fixed.

Since the flaw is due to incorrect buffer size calculation when processing a large number of aliases, limiting the number of aliases or disabling vulnerable features temporarily may reduce exposure until a patch is applied.

Monitor official advisories and apply updates before the resolution deadline of February 20, 2026.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-14905. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart