Description

A flaw was found in the 389-ds-base server. A heap buffer overflow vulnerability exists in the `schema_attr_enum_callback` function within the `schema.c` file. This occurs because the code incorrectly calculates the buffer size by summing alias string lengths without accounting for additional formatting characters. When a large number of aliases are processed, this oversight can lead to a heap overflow, potentially allowing a remote attacker to cause a Denial of Service (DoS) or achieve Remote Code Execution (RCE).

INFO

Published Date :

2026-02-23T15:41:47.976Z

Last Modified :

2026-03-31T15:40:05.143Z

Source :

redhat
AFFECTED PRODUCTS

The following products are affected by CVE-2025-14905 vulnerability.

Vendors Products
Redhat
  • Directory Server
  • Directory Server E4s
  • Directory Server Eus
  • Enterprise Linux
  • Enterprise Linux Eus
  • Redhat Directory Server
  • Rhel Aus
  • Rhel E4s
  • Rhel Els
  • Rhel Eus
  • Rhel Eus Long Life
  • Rhel Tus
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-14905.

URL Resource
https://access.redhat.com/errata/RHSA-2026:3189 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:3208 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:3379 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:3504 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:4207 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:4661 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:4720 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:5196 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:5511 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:5512 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:5513 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:5514 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:5568 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:5569 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:5576 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:5597 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:5598 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:6220 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:6268 cve-icon cve-icon
https://access.redhat.com/security/cve/CVE-2025-14905 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2423624 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-14905 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-14905 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact