{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58408?format=json","vulnerability_id":"VCID-7dna-4mcn-jqd5","summary":"A flaw was found in the 389-ds-base server. A heap buffer overflow vulnerability exists in the `schema_attr_enum_callback` function within the `schema.c` file. This occurs because the code incorrectly calculates the buffer size by summing alias string lengths without accounting for additional formatting characters. When a large number of aliases are processed, this oversight can lead to a heap overflow, potentially allowing a remote attacker to cause a Denial of Service (DoS) or achieve Remote Code Execution (RCE).","aliases":[{"alias":"CVE-2025-14905"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195624?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1"},{"url":"http://public2.vulnerablecode.io/api/packages/87668?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87667?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195622?format=json","purl":"pkg:deb/debian/389-ds-base@1.4.4.11-2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7dna-4mcn-jqd5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2"},{"url":"http://public2.vulnerablecode.io/api/packages/195623?format=json","purl":"pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7dna-4mcn-jqd5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/87666?format=json","purl":"pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"},{"vulnerability":"VCID-vadc-mdbp-q3g9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87664?format=json","purl":"pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93635?format=json","purl":"pkg:rpm/redhat/389-ds-base@1.3.11.1-11?arch=el7_9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7dna-4mcn-jqd5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/389-ds-base@1.3.11.1-11%3Farch=el7_9"},{"url":"http://public2.vulnerablecode.io/api/packages/93642?format=json","purl":"pkg:rpm/redhat/389-ds-base@2.0.14-5?arch=el9_0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7dna-4mcn-jqd5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/389-ds-base@2.0.14-5%3Farch=el9_0"},{"url":"http://public2.vulnerablecode.io/api/packages/93644?format=json","purl":"pkg:rpm/redhat/389-ds-base@2.2.4-17?arch=el9_2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7dna-4mcn-jqd5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/389-ds-base@2.2.4-17%3Farch=el9_2"},{"url":"http://public2.vulnerablecode.io/api/packages/93637?format=json","purl":"pkg:rpm/redhat/389-ds-base@2.4.5-24?arch=el9_4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7dna-4mcn-jqd5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/389-ds-base@2.4.5-24%3Farch=el9_4"},{"url":"http://public2.vulnerablecode.io/api/packages/93645?format=json","purl":"pkg:rpm/redhat/389-ds-base@2.6.1-20?arch=el9_6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7dna-4mcn-jqd5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/389-ds-base@2.6.1-20%3Farch=el9_6"},{"url":"http://public2.vulnerablecode.io/api/packages/93640?format=json","purl":"pkg:rpm/redhat/389-ds-base@2.7.0-10?arch=el9_7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7dna-4mcn-jqd5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/389-ds-base@2.7.0-10%3Farch=el9_7"},{"url":"http://public2.vulnerablecode.io/api/packages/93641?format=json","purl":"pkg:rpm/redhat/389-ds-base@3.0.6-17?arch=el10_0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7dna-4mcn-jqd5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/389-ds-base@3.0.6-17%3Farch=el10_0"},{"url":"http://public2.vulnerablecode.io/api/packages/93638?format=json","purl":"pkg:rpm/redhat/389-ds-base@3.1.3-7?arch=el10_1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7dna-4mcn-jqd5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/389-ds-base@3.1.3-7%3Farch=el10_1"}],"references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14905.json","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14905.json"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130910","reference_id":"1130910","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130910"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2423624","reference_id":"2423624","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2423624"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3189","reference_id":"RHSA-2026:3189","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3189"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3208","reference_id":"RHSA-2026:3208","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3208"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3379","reference_id":"RHSA-2026:3379","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3379"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3504","reference_id":"RHSA-2026:3504","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3504"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4207","reference_id":"RHSA-2026:4207","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4207"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4661","reference_id":"RHSA-2026:4661","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4661"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4720","reference_id":"RHSA-2026:4720","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4720"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5196","reference_id":"RHSA-2026:5196","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5196"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5511","reference_id":"RHSA-2026:5511","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5511"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5512","reference_id":"RHSA-2026:5512","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5512"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5513","reference_id":"RHSA-2026:5513","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5513"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5514","reference_id":"RHSA-2026:5514","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5514"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5568","reference_id":"RHSA-2026:5568","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5568"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5569","reference_id":"RHSA-2026:5569","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5569"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5576","reference_id":"RHSA-2026:5576","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5576"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5597","reference_id":"RHSA-2026:5597","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5597"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5598","reference_id":"RHSA-2026:5598","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5598"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6220","reference_id":"RHSA-2026:6220","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6220"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6268","reference_id":"RHSA-2026:6268","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6268"}],"weaknesses":[{"cwe_id":122,"name":"Heap-based Buffer Overflow","description":"A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc()."}],"exploits":[],"severity_range_score":"7.2 - 7.2","exploitability":"0.5","weighted_severity":"6.5","risk_score":3.2,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7dna-4mcn-jqd5"}