unbounded LDAP controls count in get_ldapmessage_controls_ext() causes CPU and heap amplification (remote DoS)
Summary
unbounded LDAP controls count in get_ldapmessage_controls_ext() causes CPU and heap amplification (remote DoS). Red Hat rates this important (CVSS 7.5). Weakness: CWE-770. Affected package(s): 389-ds-base, 389-ds:1.4, redhat-ds:11, redhat-ds:12, dirsrv/dirsrv-container-rhel10:1781714123. Resolved in Red Hat advisory RHSA-2026:26463 — update the affected packages (`sudo dnf update`).
- 389-ds-base-0:2.8.0-7.el9_8
- 389-ds:1.4-8100020260601102239.25e700aa
- redhat-ds:11-8080020260610130252.f969626e
- 389-ds-base-0:2.6.1-21.el9_6
- redhat-ds:12-9040020260611130021.1674d574
- redhat-ds:11-8060020260609102432.0ca98e7e
- redhat-ds:12-9020020260615123354.1674d574
- 389-ds-base-0:2.2.4-18.el9_2
- 389-ds-base-0:3.0.6-18.el10_0
- 389-ds:1.4-8060020260609102416.824efc52
- 389-ds-base-0:1.3.11.1-12.el7_9
- redhat-ds:11-8100020260601104139.37ed7c03
Official advisory · high-confidence parse· fetched 2 hours ago·verify at source
- RHSA-2026:26463
Official advisory · high-confidence parse· fetched 2 hours ago·verify at source
Mitigation checklist
- Update the affected package(s) to the fixed version shipped in RHSA-2026:26463 (`sudo dnf update` / `yum update`).
Official advisory · high-confidence parse· fetched 2 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.