{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-11786", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2026-06-09T12:54:20.303Z", "datePublished": "2026-06-09T12:57:59.768Z", "dateUpdated": "2026-06-09T13:38:21.833Z"}, "containers": {"cna": {"title": "389-ds-base: 389-ds-base: heap out-of-bounds read in ldif parser str2entry_state_information_from_type()", "metrics": [{"other": {"content": {"value": "Low", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 1.9, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in 389 Directory Server. The LDIF parser reads past the end of a heap buffer when processing attribute types with trailing semicolons during database import, causing an out-of-bounds read detectable under memory instrumentation."}], "affected": [{"vendor": "Red Hat", "product": "Red Hat Directory Server 11", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "redhat-ds:11/389-ds-base", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:directory_server:11"]}, {"vendor": "Red Hat", "product": "Red Hat Directory Server 12", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "redhat-ds:12/389-ds-base", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:directory_server:12"]}, {"vendor": "Red Hat", "product": "Red Hat Directory Server 13", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "389-ds-base", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:directory_server:13"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 10", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "389-ds-base", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:10"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "389-ds-base", "defaultStatus": "unknown", "cpes": ["cpe:/o:redhat:enterprise_linux:6"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "389-ds-base", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:7"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "389-ds-base", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "389-ds-base", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:9"]}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2026-11786", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2485426", "name": "RHBZ#2485426", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://redhat.atlassian.net/browse/PSIRTSUPT-7600"}], "datePublic": "2026-04-16T00:00:00.000Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-125", "description": "Out-of-bounds Read", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-125: Out-of-bounds Read", "workarounds": [{"lang": "en", "value": "Validate LDIF files for malformed attribute types before importing. Reject any LDIF entry containing attribute types with trailing semicolons (e.g., userCertificate;binary;). Pre-import validation: grep -nE '^[a-zA-Z][a-zA-Z0-9-]*;[^:]*;:' input.ldif && echo \"REJECT: trailing semicolon in attribute type\". This does not protect against the replication changelog path (corrupted stored data), but that path requires pre-existing database corruption, not external input."}], "timeline": [{"lang": "en", "time": "2026-04-16T00:00:00.000Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-04-16T00:00:00.000Z", "value": "Made public."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-06-09T12:57:59.768Z"}, "x_generator": {"engine": "cvelib 1.8.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-06-09T13:37:04.724370Z", "id": "CVE-2026-11786", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-09T13:38:21.833Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-11786", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2026-06-09T12:54:20.303Z", "datePublished": "2026-06-09T12:57:59.768Z", "dateUpdated": "2026-06-09T13:38:21.833Z"}, "containers": {"cna": {"title": "389-ds-base: 389-ds-base: heap out-of-bounds read in ldif parser str2entry_state_information_from_type()", "metrics": [{"other": {"content": {"value": "Low", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 1.9, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in 389 Directory Server. The LDIF parser reads past the end of a heap buffer when processing attribute types with trailing semicolons during database import, causing an out-of-bounds read detectable under memory instrumentation."}], "affected": [{"vendor": "Red Hat", "product": "Red Hat Directory Server 11", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "redhat-ds:11/389-ds-base", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:directory_server:11"]}, {"vendor": "Red Hat", "product": "Red Hat Directory Server 12", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "redhat-ds:12/389-ds-base", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:directory_server:12"]}, {"vendor": "Red Hat", "product": "Red Hat Directory Server 13", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "389-ds-base", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:directory_server:13"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 10", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "389-ds-base", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:10"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "389-ds-base", "defaultStatus": "unknown", "cpes": ["cpe:/o:redhat:enterprise_linux:6"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "389-ds-base", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:7"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "389-ds-base", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "389-ds-base", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:9"]}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2026-11786", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2485426", "name": "RHBZ#2485426", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://redhat.atlassian.net/browse/PSIRTSUPT-7600"}], "datePublic": "2026-04-16T00:00:00.000Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-125", "description": "Out-of-bounds Read", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-125: Out-of-bounds Read", "workarounds": [{"lang": "en", "value": "Validate LDIF files for malformed attribute types before importing. Reject any LDIF entry containing attribute types with trailing semicolons (e.g., userCertificate;binary;). Pre-import validation: grep -nE '^[a-zA-Z][a-zA-Z0-9-]*;[^:]*;:' input.ldif && echo \"REJECT: trailing semicolon in attribute type\". This does not protect against the replication changelog path (corrupted stored data), but that path requires pre-existing database corruption, not external input."}], "timeline": [{"lang": "en", "time": "2026-04-16T00:00:00.000Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-04-16T00:00:00.000Z", "value": "Made public."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-06-09T12:57:59.768Z"}, "x_generator": {"engine": "cvelib 1.8.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-11786", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-06-09T13:37:04.724370Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-09T13:38:02.611Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in 389 Directory Server. The LDIF parser reads past the end of a heap buffer when processing attribute types with trailing semicolons during database import, causing an out-of-bounds read detectable under memory instrumentation."}], "id": "CVE-2026-11786", "lastModified": "2026-06-09T14:42:21.530", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 1.9, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 1.4, "source": "[email protected]", "type": "Primary"}]}, "published": "2026-06-09T14:16:36.630", "references": [{"source": "[email protected]", "url": "https://access.redhat.com/security/cve/CVE-2026-11786"}, {"source": "[email protected]", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2485426"}, {"source": "[email protected]", "url": "https://redhat.atlassian.net/browse/PSIRTSUPT-7600"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "[email protected]", "type": "Primary"}]}

{}

{}