Nixpkgs security tracker

Untriaged

Permalink CVE-2026-11791

5.0 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): High (H)
Privileges Required (PR): High (H)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): Low (L)
Availability (A): High (H)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): High (H)
Modified Privileges Required (MPR): High (H)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): Low (L)
Modified Availability (MA): High (H)

created 1 day, 12 hours ago Activity log

Created suggestion 1 day, 12 hours ago

389-ds-base: 389-ds-base: use-after-free in schema reload via attr_syntax_swap_ht()

A flaw was found in 389 Directory Server. During schema reload, the attr_syntax_swap_ht() function unconditionally frees attribute syntax information nodes, bypassing the refcount-based deferred deletion used elsewhere in the attribute syntax subsystem. If an administrator triggers schema reload while concurrent LDAP query traffic is active, worker threads may access freed memory, resulting in use-after-free or double-free and a denial of service (server crash).

References

https://access.redhat.com/security/cve/CVE-2026-11791 x_refsource_REDHATvdb-entry
RHBZ#2485414 x_refsource_REDHATissue-tracking
https://redhat.atlassian.net/browse/PSIRTSUPT-7600

Affected products

389-ds-base

redhat-ds:11/389-ds-base

redhat-ds:12/389-ds-base

Matching in nixpkgs

pkgs._389-ds-base

Enterprise-class Open Source LDAP server for Linux

nixos-unstable 3.1.3
- nixpkgs-unstable 3.1.3
- nixos-unstable-small 3.1.3
nixos-26.05 3.1.3
- nixos-26.05-small 3.1.3
- nixpkgs-26.05-darwin 3.1.3

Package maintainers

@ners ners <ners@gmx.ch>

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs._389-ds-base

Package maintainers