Directory server

This hub aggregates every CVE we track for Directory server, a product in the security products space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Directory server.

• CVE-2026-11790389-ds-base: 389-ds-base: pbkdf2 password storage plugin unbounded iteration count denial of service4.9Jun 9, 2026
• CVE-2026-11789389-ds-base: 389-ds-base: smd5 password storage plugin salt length integer underflow crash4.9Jun 9, 2026
• CVE-2026-11787389-ds-base: 389-ds-base: heap buffer over-read in ldap_utf8prev() via str2simple filter parsing5.0Jun 9, 2026
• CVE-2026-11788389-ds-base: 389-ds-base: null pointer dereference in deref control plugin ber parser5.9Jun 9, 2026
• CVE-2026-11786389-ds-base: 389-ds-base: heap out-of-bounds read in ldif parser str2entry_state_information_from_type()1.9Jun 9, 2026
• CVE-2026-11785389-ds-base: 389-ds-base: partial stack address information leak via ber_printf type confusion in sso token handler4.3Jun 9, 2026
• CVE-2026-11611389-ds-base: 389-ds-base: content sync plugin unbounded queue growth and race conditions6.5Jun 8, 2026
• CVE-2026-9064389-ds-base: 389-ds-base: unbounded ldap controls count in get_ldapmessage_controls_ext() causes cpu and heap amplification (remote dos)7.5May 20, 2026
• CVE-2024-6237389-ds-base: unauthenticated user can trigger a dos by sending a specific extended search request6.5Jul 9, 2024
• CVE-2024-1062389-ds-base: a heap overflow leading to denail-of-servce while writing a value larger than 256 chars (in log_entry_attr)5.5Feb 12, 2024
• CVE-2023-1055A flaw was found in RHDS 11 and RHDS 12. While browsing entries LDAP tries to decode the userPassword attribute instead of the userCertificate attribute which could lead into sensitive information ...5.5Feb 27, 2023
• CVE-2022-2850A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an ...6.5Oct 14, 2022
• CVE-2022-1949An access control bypass vulnerability found in 389-ds-base. That mishandling of the filter that would yield incorrect results, but as that has progressed, can be determined that it actually is an ...7.5Jun 1, 2022
• CVE-2020-35518When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of...5.3Mar 26, 2021
• CVE-2020-1472Netlogon Elevation of Privilege VulnerabilityKEV5.5Aug 17, 2020