CVE-2026-11787 - Vulnerability Details - OpenCVE

A flaw was found in 389 Directory Server. The ldap_utf8prev() function reads bytes before the start of a buffer without bounds checking, causing a heap buffer over-read in string filter parsing that may influence internal filter processing behavior.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Vendors	Products
Redhat	Directory Server Enterprise Linux

No data.

No data.

No data.

References

Link	Providers
https://access.redhat.com/security/cve/CVE-2026-11787
https://bugzilla.redhat.com/show_bug.cgi?id=2485425
https://redhat.atlassian.net/browse/PSIRTSUPT-7600

History

Tue, 09 Jun 2026 13:30:00 +0000

Type	Values Removed	Values Added
Description		A flaw was found in 389 Directory Server. The ldap_utf8prev() function reads bytes before the start of a buffer without bounds checking, causing a heap buffer over-read in string filter parsing that may influence internal filter processing behavior.
Title		389-ds-base: 389-ds-base: heap buffer over-read in ldap_utf8prev() via str2simple filter parsing
First Time appeared		Redhat Redhat directory Server Redhat enterprise Linux
Weaknesses		CWE-126
CPEs		cpe:/a:redhat:directory_server:11 cpe:/a:redhat:directory_server:12 cpe:/a:redhat:directory_server:13 cpe:/o:redhat:enterprise_linux:10 cpe:/o:redhat:enterprise_linux:6 cpe:/o:redhat:enterprise_linux:7 cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:9
Vendors & Products		Redhat Redhat directory Server Redhat enterprise Linux
References		https://access.redhat.com/security/cve/CVE-2026-11787 https://bugzilla.redhat.com/show_bug.cgi?id=2485425 https://redhat.atlassian.net/browse/PSIRTSUPT-7600
Metrics		cvssV3_1 `{'score': 5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L'}`

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2026-06-09T13:02:53.711Z

Updated: 2026-06-09T13:30:35.749Z

Reserved: 2026-06-09T12:55:55.703Z

Link: CVE-2026-11787

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-06-09T14:16:36.773

Modified: 2026-06-09T14:42:21.530

Link: CVE-2026-11787

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-11787", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2026-06-09T12:55:55.703Z", "datePublished": "2026-06-09T13:02:53.711Z", "dateUpdated": "2026-06-09T13:30:35.749Z"}, "containers": {"cna": {"title": "389-ds-base: 389-ds-base: heap buffer over-read in ldap_utf8prev() via str2simple filter parsing", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in 389 Directory Server. The ldap_utf8prev() function reads bytes before the start of a buffer without bounds checking, causing a heap buffer over-read in string filter parsing that may influence internal filter processing behavior."}], "affected": [{"vendor": "Red Hat", "product": "Red Hat Directory Server 11", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "redhat-ds:11/389-ds-base", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:directory_server:11"]}, {"vendor": "Red Hat", "product": "Red Hat Directory Server 12", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "redhat-ds:12/389-ds-base", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:directory_server:12"]}, {"vendor": "Red Hat", "product": "Red Hat Directory Server 13", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "389-ds-base", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:directory_server:13"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 10", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "389-ds-base", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:10"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "389-ds-base", "defaultStatus": "unknown", "cpes": ["cpe:/o:redhat:enterprise_linux:6"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "389-ds-base", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:7"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "389-ds-base", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "389-ds-base", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:9"]}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2026-11787", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2485425", "name": "RHBZ#2485425", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://redhat.atlassian.net/browse/PSIRTSUPT-7600"}], "datePublic": "2026-04-16T00:00:00.000Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-126", "description": "Buffer Over-read", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-126: Buffer Over-read", "workarounds": [{"lang": "en", "value": "No direct workaround addresses the code-level bug; network-level mitigations (proxies, WAFs, filter validation) do not apply. Mitigation measures to reduce exposure: restrict plugin configuration access (MEP originFilter, UID uniqueness nsUniqueAttribute, strict ACIs on cn=config); restrict Directory Manager access for ACI, MEP, or uniqueness plugin configuration; harden replication topology to restrict replication peers; monitor for anomalous search result sets that may indicate exploitation."}], "timeline": [{"lang": "en", "time": "2026-04-16T00:00:00.000Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-04-16T00:00:00.000Z", "value": "Made public."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-06-09T13:02:53.711Z"}, "x_generator": {"engine": "cvelib 1.8.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-06-09T13:30:15.301451Z", "id": "CVE-2026-11787", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-09T13:30:35.749Z"}}]}}