Critical Heap Overflow Vulnerability in 389-ds Affects SUSE and openSUSE Systems

Severity: High (Score: 74.0)

Sources: Linuxsecurity

Summary

A critical heap buffer overflow vulnerability, CVE-2025-14905, was identified in the 389-ds directory server, impacting multiple SUSE and openSUSE systems. This flaw arises from improper size calculations in the `schema_attr_enum_callback` function, potentially allowing attackers to exploit the vulnerability. The CVSS score for this vulnerability is 8.6, indicating a high severity level. Affected systems include openSUSE Leap 15.4 and various SUSE Linux Enterprise products. Users are advised to apply the latest patches to mitigate risks. The vulnerability was published on February 23, 2026, and has been addressed in version 2.0.20~git89.937b1f291. Additional bug fixes and updates were also included in the release. The patching process can be conducted using standard SUSE installation methods.

Key Points

  • CVE-2025-14905 is a critical heap overflow vulnerability in 389-ds affecting SUSE systems.
  • The vulnerability has a CVSS score of 8.6, indicating a high severity level.
  • Users are urged to apply the latest patches to mitigate potential exploitation.

Key Entities

  • CVE-2025-14905 (cve)
  • CWE-122 - Heap-based Buffer Overflow (cwe)
  • OpenSUSE (company)
  • OpenSUSE Leap 15.4 (platform)
  • SUSE Linux 15 SP4 (platform)
  • SUSE Linux Enterprise High Performance Computing 15 SP4 (platform)
  • SUSE Linux Enterprise High Performance Computing ESPOS (platform)
  • SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (platform)