Fedora Account System
Red Hat Associate
Red Hat Customer
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. Finding 008 — 389-ds-base SASL heap overflow in sasl_io_recv(). Vulnerable: ldap/servers/slapd/sasl_io.c (~line 456), SASL_IO_BUFFER_NOT_ENCRYPTED path. Introduced by commit b4cdebbe (~2013). Missing bounds check on memcpy into 512-byte c_buffer. Trigger: SASL bind (GSSAPI/DIGEST-MD5), then send padded raw LDAP UNBIND. DoS confirmed on production binary (389-ds-base-3.1.4-6.fc42). Fix: add bounds check before memcpy, same pattern as encrypted return path in sasl_io_recv().