heap-buffer-overflow in DN normalization via quoted multivalued RDN
Summary
A heap-buffer-overflow flaw was found in 389 Directory Server (389-ds-base). When normalizing a Distinguished Name (DN) that contains a legacy-quoted value encoding a multivalued nested Relative Distinguished Name (RDN), the server can write past the end of a heap allocation while sorting RDN attribute-value pairs. An unauthenticated remote attacker can trigger this condition by sending an LDAP operation whose DN reaches the DN normalization routine, such as a search with a crafted base DN. This can corrupt heap memory and may cause denial of service. Red Hat rates this issue as Moderate impact. In 389-ds-base, DN normalization of a crafted legacy-quoted multivalued RDN can corrupt heap memory during internal attribute-value sorting. Any unauthenticated client that can reach the LDAP service and supply a malformed DN in an operation such as search, bind, add, or modify can trigger the bug. In standard production builds, the server often rejects the malformed DN with "Invalid DN syntax" and continues operating; the heap corruption may be silent rather than immediately terminating ns-slapd. Denial of service is more reliably observed when heap debugging is enabled (for example AddressSanitizer or MALLOC_CHECK_=3), or depending on heap layout and subsequent memory allocator activity. There is no configuration switch to disable DN normalization for client-supplied DNs.
Mitigation checklist
- Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Official advisory · high-confidence parse· fetched 29 minutes ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.