CVE-2026-11787

5.0 MEDIUM

A flaw was found in 389 Directory Server

Published: 2026-06-09 · Last updated: 2026-06-09

Severity and scoring

CVSS: 5.0 MEDIUM
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
CWE: CWE-126

Description

A flaw was found in 389 Directory Server. The ldap_utf8prev() function reads bytes before the start of a buffer without bounds checking, causing a heap buffer over-read in string filter parsing that may influence internal filter processing behavior.

Source: NVD

References

Related CVEs

Same CWE

CVE-2026-45460 — Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally (4.7 MEDIUM)
CVE-2026-42828 — Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally (7.8 HIGH)
CVE-2026-44185 — Buffer Over-read vulnerability in Apache HTTP Server via outbound OCSP requests to an attacker controlled OCSP server This issue affects... (7.3 HIGH)
CVE-2026-45684 — OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard (4.9 MEDIUM)
CVE-2025-59609 — Information Disclosure when processing advertisement frames with malformed MBSSID elements of insufficient length (5.5 MEDIUM)