Fedora Account System
Red Hat Associate
Red Hat Customer
Finding 008 — 389-ds-base SASL heap overflow in sasl_io_recv(). Vulnerable: ldap/servers/slapd/sasl_io.c (~line 456), SASL_IO_BUFFER_NOT_ENCRYPTED path. Introduced by commit b4cdebbe (~2013). Missing bounds check on memcpy into 512-byte c_buffer. Trigger: SASL bind (GSSAPI/DIGEST-MD5), then send padded raw LDAP UNBIND. DoS confirmed on production binary (389-ds-base-3.1.4-6.fc42). Fix: add bounds check before memcpy, same pattern as encrypted return path in sasl_io_recv().
This issue has been addressed in the following products: Red Hat Directory Server 11.9 for RHEL 8 Via RHSA-2026:36200 https://access.redhat.com/errata/RHSA-2026:36200
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions Red Hat Enterprise Linux 8.8 Telecommunications Update Service Via RHSA-2026:36197 https://access.redhat.com/errata/RHSA-2026:36197
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions Via RHSA-2026:36198 https://access.redhat.com/errata/RHSA-2026:36198
This issue has been addressed in the following products: Red Hat Directory Server 11.5 E4S for RHEL 8 Via RHSA-2026:36204 https://access.redhat.com/errata/RHSA-2026:36204
This issue has been addressed in the following products: Red Hat Directory Server 11.7 E4S for RHEL 8 Via RHSA-2026:36208 https://access.redhat.com/errata/RHSA-2026:36208
This issue has been addressed in the following products: Red Hat Directory Server 12.4 E4S for RHEL 9 Via RHSA-2026:36209 https://access.redhat.com/errata/RHSA-2026:36209
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2026:36195 https://access.redhat.com/errata/RHSA-2026:36195
This issue has been addressed in the following products: Red Hat Enterprise Linux 10 Via RHSA-2026:36196 https://access.redhat.com/errata/RHSA-2026:36196
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On Via RHSA-2026:36206 https://access.redhat.com/errata/RHSA-2026:36206
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Extended Lifecycle Support Via RHSA-2026:36205 https://access.redhat.com/errata/RHSA-2026:36205
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On Via RHSA-2026:36202 https://access.redhat.com/errata/RHSA-2026:36202
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2026:36201 https://access.redhat.com/errata/RHSA-2026:36201
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Via RHSA-2026:36585 https://access.redhat.com/errata/RHSA-2026:36585
This issue has been addressed in the following products: Red Hat Directory Server 12.2 E4S for RHEL 9 Via RHSA-2026:36641 https://access.redhat.com/errata/RHSA-2026:36641
This issue has been addressed in the following products: Red Hat Enterprise Linux 10.0 Extended Update Support Via RHSA-2026:36670 https://access.redhat.com/errata/RHSA-2026:36670
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.6 Extended Update Support Via RHSA-2026:36671 https://access.redhat.com/errata/RHSA-2026:36671