CVE-2026-11789

Published: Giu 09, 2026 Last Modified: Giu 12, 2026
ExploitDB:
Other exploit source:
Google Dorks:
MEDIUM 4,9
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: high
User Interaction: none
Scope: unchanged
Confidentiality: none
Integrity: none
Availability: high

Description

AI Translation Available

A flaw was found in 389 Directory Server. The SMD5 password storage plugin performs unsigned integer underflow when computing salt length from a crafted password hash shorter than 16 bytes, causing a buffer over-read that crashes the LDAP server during authentication.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0006
Percentile
0,2th
Updated

EPSS Score Trend (Last 5 Days)

191

Integer Underflow (Wrap or Wraparound)

Draft
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Availability Integrity Confidentiality Access Control
Potential Impacts:
Dos: Crash, Exit, Or Restart Dos: Resource Consumption (Cpu) Dos: Resource Consumption (Memory) Dos: Instability Modify Memory Execute Unauthorized Code Or Commands Bypass Protection Mechanism
Applicable Platforms
Languages: C, C++, Java, C#
View CWE Details
Operating System

Enterprise Linux by Redhat

Product Information
Vendor Redhat
Product Enterprise Linux
Version 7.0
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Directory Server by Redhat

Product Information
Vendor Redhat
Product Directory Server
Version 11.0
cpe:2.3:a:redhat:directory_server:11.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Enterprise Linux by Redhat

Product Information
Vendor Redhat
Product Enterprise Linux
Version 9.0
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Directory Server by Redhat

Product Information
Vendor Redhat
Product Directory Server
Version 13.0
cpe:2.3:a:redhat:directory_server:13.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Directory Server by Redhat

Product Information
Vendor Redhat
Product Directory Server
Version 12.0
cpe:2.3:a:redhat:directory_server:12.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

389 Directory Server by Redhat

Product Information
Vendor Redhat
Product 389 Directory Server
Version -
cpe:2.3:o:redhat:389_directory_server:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Enterprise Linux by Redhat

Product Information
Vendor Redhat
Product Enterprise Linux
Version 10.0
cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Enterprise Linux by Redhat

Product Information
Vendor Redhat
Product Enterprise Linux
Version 8.0
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://access.redhat.com/security/cve/CVE-2026-11789
https://access.redhat.com/security/cve/CVE-2026-11789
https://bugzilla.redhat.com/show_bug.cgi?id=2485422
https://bugzilla.redhat.com/show_bug.cgi?id=2485422
https://redhat.atlassian.net/browse/PSIRTSUPT-7600
https://redhat.atlassian.net/browse/PSIRTSUPT-7600