CVE-2026-11791

NameCVE-2026-11791
DescriptionA flaw was found in 389 Directory Server. During schema reload, the attr_syntax_swap_ht() function unconditionally frees attribute syntax information nodes, bypassing the refcount-based deferred deletion used elsewhere in the attribute syntax subsystem. If an administrator triggers schema reload while concurrent LDAP query traffic is active, worker threads may access freed memory, resulting in use-after-free or double-free and a denial of service (server crash).
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs1139816

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
389-ds-base (PTS)bullseye1.4.4.11-2vulnerable
bullseye (security)1.4.4.11-2+deb11u1vulnerable
bookworm2.3.1+dfsg1-1+deb12u1vulnerable
trixie3.1.2+dfsg1-1+deb13u1vulnerable
sid3.1.2+vendor1-2vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
389-ds-basesource(unstable)(unfixed)1139816

Notes

https://bugzilla.redhat.com/show_bug.cgi?id=2485414
Search for package or bug name: Reporting problems