Critical Heap Overflow Vulnerability in 389-ds Affects SUSE and openSUSE Systems

Critical Heap Overflow Vulnerability in 389-ds Affects SUSE and openSUSE Systems

First seen 8 May 2026, 04:41 UTC Linuxsecurity 92% similarity 74.0

Article Content

Browse articles
ThreatCluster

A critical heap buffer overflow vulnerability, CVE-2025-14905, was identified in the 389-ds directory server, impacting multiple SUSE and openSUSE systems. This flaw arises from improper size calculations in the `schema_attr_enum_callback` function, potentially allowing attackers to exploit the vulnerability. The CVSS score for this vulnerability is 8.6, indicating a high severity level. Affected systems include openSUSE Leap 15.4 and various SUSE Linux Enterprise products. Users are advised to apply the latest patches to mitigate risks. The vulnerability was published on February 23, 2026, and has been addressed in version 2.0.20~git89.937b1f291. Additional bug fixes and updates were also included in the release. The patching process can be conducted using standard SUSE installation methods.

Key Points: • CVE-2025-14905 is a critical heap overflow vulnerability in 389-ds affecting SUSE systems. • The vulnerability has a CVSS score of 8.6, indicating a high severity level. • Users are urged to apply the latest patches to mitigate potential exploitation.

ThreatCluster AI

Timeline

2026-02-23
CVE-2025-14905 published
A heap buffer overflow vulnerability in 389-ds was disclosed, affecting multiple SUSE and openSUSE systems.
Linuxsecurity
2026-05-07
Patch released for 389-ds
SUSE released an update to version 2.0.20~git89.937b1f291 to fix CVE-2025-14905 and other issues.
Linuxsecurity

Community

Browse all →