{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-11789", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2026-06-09T12:58:52.530Z", "datePublished": "2026-06-09T13:02:59.276Z", "dateUpdated": "2026-06-09T16:16:07.367Z"}, "containers": {"cna": {"title": "389-ds-base: 389-ds-base: smd5 password storage plugin salt length integer underflow crash", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in 389 Directory Server. The SMD5 password storage plugin performs unsigned integer underflow when computing salt length from a crafted password hash shorter than 16 bytes, causing a buffer over-read that crashes the LDAP server during authentication."}], "affected": [{"vendor": "Red Hat", "product": "Red Hat Directory Server 11", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "redhat-ds:11/389-ds-base", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:directory_server:11"]}, {"vendor": "Red Hat", "product": "Red Hat Directory Server 12", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "redhat-ds:12/389-ds-base", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:directory_server:12"]}, {"vendor": "Red Hat", "product": "Red Hat Directory Server 13", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "389-ds-base", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:directory_server:13"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 10", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "389-ds-base", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:10"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "389-ds-base", "defaultStatus": "unknown", "cpes": ["cpe:/o:redhat:enterprise_linux:6"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "389-ds-base", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:7"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "389-ds-base", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "389-ds-base", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:9"]}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2026-11789", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2485422", "name": "RHBZ#2485422", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://redhat.atlassian.net/browse/PSIRTSUPT-7600"}], "datePublic": "2026-04-16T00:00:00.000Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-191", "description": "Integer Underflow (Wrap or Wraparound)", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-191: Integer Underflow (Wrap or Wraparound)", "workarounds": [{"lang": "en", "value": "Disable nsslapd-allow-hashed-passwords (default: off) to prevent non-DM users from setting pre-hashed passwords. Restrict Directory Manager credentials; limit DM access to management networks and audit DM operations via nsslapd-auditlog. Monitor for suspicious userPassword modifications. Migrate stored passwords from {SMD5} to {PBKDF2_SHA256} to eliminate the vulnerable code path for existing accounts."}], "timeline": [{"lang": "en", "time": "2026-04-16T00:00:00.000Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-04-16T00:00:00.000Z", "value": "Made public."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-06-09T13:02:59.276Z"}, "x_generator": {"engine": "cvelib 1.8.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-06-09T16:15:56.091915Z", "id": "CVE-2026-11789", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-09T16:16:07.367Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-11789", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2026-06-09T12:58:52.530Z", "datePublished": "2026-06-09T13:02:59.276Z", "dateUpdated": "2026-06-09T16:16:07.367Z"}, "containers": {"cna": {"title": "389-ds-base: 389-ds-base: smd5 password storage plugin salt length integer underflow crash", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in 389 Directory Server. The SMD5 password storage plugin performs unsigned integer underflow when computing salt length from a crafted password hash shorter than 16 bytes, causing a buffer over-read that crashes the LDAP server during authentication."}], "affected": [{"vendor": "Red Hat", "product": "Red Hat Directory Server 11", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "redhat-ds:11/389-ds-base", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:directory_server:11"]}, {"vendor": "Red Hat", "product": "Red Hat Directory Server 12", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "redhat-ds:12/389-ds-base", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:directory_server:12"]}, {"vendor": "Red Hat", "product": "Red Hat Directory Server 13", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "389-ds-base", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:directory_server:13"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 10", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "389-ds-base", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:10"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "389-ds-base", "defaultStatus": "unknown", "cpes": ["cpe:/o:redhat:enterprise_linux:6"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "389-ds-base", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:7"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "389-ds-base", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "389-ds-base", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:9"]}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2026-11789", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2485422", "name": "RHBZ#2485422", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://redhat.atlassian.net/browse/PSIRTSUPT-7600"}], "datePublic": "2026-04-16T00:00:00.000Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-191", "description": "Integer Underflow (Wrap or Wraparound)", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-191: Integer Underflow (Wrap or Wraparound)", "workarounds": [{"lang": "en", "value": "Disable nsslapd-allow-hashed-passwords (default: off) to prevent non-DM users from setting pre-hashed passwords. Restrict Directory Manager credentials; limit DM access to management networks and audit DM operations via nsslapd-auditlog. Monitor for suspicious userPassword modifications. Migrate stored passwords from {SMD5} to {PBKDF2_SHA256} to eliminate the vulnerable code path for existing accounts."}], "timeline": [{"lang": "en", "time": "2026-04-16T00:00:00.000Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-04-16T00:00:00.000Z", "value": "Made public."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-06-09T13:02:59.276Z"}, "x_generator": {"engine": "cvelib 1.8.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-11789", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-06-09T16:15:56.091915Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-09T16:16:02.791Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:directory_server:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "2A169F6D-88A5-4631-9D30-519350ACFE6E", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:directory_server:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "A3DAF61A-58A9-41A6-A4DC-64148055B0C1", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:directory_server:13.0:*:*:*:*:*:*:*", "matchCriteriaId": "904002F4-762C-4CFF-88C4-8FC929774DF8", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:389_directory_server:-:*:*:*:*:*:*:*", "matchCriteriaId": "A861110D-0BBC-4052-BBFD-F718F6CD72C5", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in 389 Directory Server. The SMD5 password storage plugin performs unsigned integer underflow when computing salt length from a crafted password hash shorter than 16 bytes, causing a buffer over-read that crashes the LDAP server during authentication."}], "id": "CVE-2026-11789", "lastModified": "2026-06-12T18:30:21.810", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "secalert@redhat.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-06-09T14:16:37.070", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2026-11789"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2485422"}, {"source": "secalert@redhat.com", "tags": ["Permissions Required"], "url": "https://redhat.atlassian.net/browse/PSIRTSUPT-7600"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-191"}], "source": "secalert@redhat.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": null}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "Red Hat Enterprise Linux 10", "source": "cna", "vendor": "Red Hat"}, "product": "enterprise_linux", "vendor": "redhat"}, {"configurations": [{"platform": null, "status": "affected", "versions": null}], "enrichment": {"confidence": 92.0, "confidence_source": "matching", "scores": [{"score": 92.0, "source": "matching"}]}, "original": {"product": "Red Hat Directory Server 11", "source": "cna", "vendor": "Red Hat"}, "product": "redhat_directory_server", "vendor": "redhat"}], "created": "2026-06-09T15:00:07.912242+00:00", "updated": "2026-06-09T20:20:41.033443+00:00", "vendors": ["redhat", "redhat$PRODUCT$enterprise_linux", "redhat$PRODUCT$redhat_directory_server"]}