389-ds-base: 389-ds-base: content sync plugin unbounded queue growth and race...

6.5 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Description

A flaw was found in 389 Directory Server. The Content Synchronization persistent search plugin allows unbounded memory growth when an authenticated client stops reading sync responses, enabling denial of service. Additional race conditions in plugin thread lifecycle can cause crashes during connection teardown or shutdown.

Basic Information

ID CVE-2026-11611

Source redhat

Published Jun 8, 2026 at 16:17

Affected Product

Vendor Red Hat

Product Red Hat Directory Server 11

CWE Classification

CWE-400

References

{
    "lastseen": "",
    "description": "A flaw was found in 389 Directory Server. The Content Synchronization persistent search plugin allows unbounded memory growth when an authenticated client stops reading sync responses, enabling denial of service. Additional race conditions in plugin thread lifecycle can cause crashes during connection teardown or shutdown.",
    "published": "2026-06-08T16:17:59.532Z",
    "modified": "2026-06-08T16:17:59.532Z",
    "type": "cve",
    "title": "389-ds-base: 389-ds-base: content sync plugin unbounded queue growth and race conditions",
    "source": "redhat",
    "references": "https://access.redhat.com/security/cve/CVE-2026-11611\nhttps://bugzilla.redhat.com/show_bug.cgi?id=2485424\nhttps://redhat.atlassian.net/browse/PSIRTSUPT-7600",
    "id": "CVE-2026-11611",
    "bulletinFamily": "",
    "cwe": [
        "CWE-400"
    ],
    "cvelist": null,
    "sourceData": "",
    "sourceHref": "",
    "cvss": {
        "score": 6.5,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Red Hat Directory Server 11",
    "version": "",
    "vendor": "Red Hat",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

389-ds-base: 389-ds-base: content sync plugin unbounded queue growth and race conditions_CVE-2026-11611