Red hat directory server 12

This hub aggregates every CVE we track for Red hat directory server 12, a product in the databases space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Red hat directory server 12.

• CVE-2026-11791389-ds-base: 389-ds-base: use-after-free in schema reload via attr_syntax_swap_ht()5.0Jun 18, 2026
• CVE-2026-12528389-ds-base: 389-ds-base: heap-buffer-overflows in __aclp__normalize_acltxt()5.4Jun 17, 2026
• CVE-2026-11774389-ds-base: 389-ds-base: integer overflow in sasl packet length bypasses size limit leading to heap buffer overflow7.6Jun 11, 2026
• CVE-2026-11884389-ds-base: 389-ds-base: heap buffer overflow in schema objectclass serialization due to missing oc_superior in size calculation6.5Jun 10, 2026
• CVE-2026-11793389-ds-base: 389-ds-base: stack buffer overflow in checkprefix() algorithm id parsing4.9Jun 9, 2026
• CVE-2026-11792389-ds-base: 389-ds-base: heap buffer overflow in audit log password masking (create_masked_entry_string)3.3Jun 9, 2026
• CVE-2026-11790389-ds-base: 389-ds-base: pbkdf2 password storage plugin unbounded iteration count denial of service4.9Jun 9, 2026
• CVE-2026-11789389-ds-base: 389-ds-base: smd5 password storage plugin salt length integer underflow crash4.9Jun 9, 2026
• CVE-2026-11787389-ds-base: 389-ds-base: heap buffer over-read in ldap_utf8prev() via str2simple filter parsing5.0Jun 9, 2026
• CVE-2026-11788389-ds-base: 389-ds-base: null pointer dereference in deref control plugin ber parser5.9Jun 9, 2026
• CVE-2026-11786389-ds-base: 389-ds-base: heap out-of-bounds read in ldif parser str2entry_state_information_from_type()1.9Jun 9, 2026
• CVE-2026-11785389-ds-base: 389-ds-base: partial stack address information leak via ber_printf type confusion in sso token handler4.3Jun 9, 2026
• CVE-2026-11611389-ds-base: 389-ds-base: content sync plugin unbounded queue growth and race conditions6.5Jun 8, 2026
• CVE-2026-9064389-ds-base: 389-ds-base: unbounded ldap controls count in get_ldapmessage_controls_ext() causes cpu and heap amplification (remote dos)7.5May 20, 2026
• CVE-2025-14905389-ds-base: 389-ds-base: remote code execution and denial of service via heap buffer overflow7.2Feb 23, 2026