Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-11611
PUBLISHED
More InfoOfficial Page
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
View Known Exploited Vulnerability (KEV) details
Published At-08 Jun, 2026 | 16:17
Updated At-08 Jun, 2026 | 16:17
Rejected At-
▼CVE Numbering Authority (CNA)
389-ds-base: 389-ds-base: content sync plugin unbounded queue growth and race conditions

A flaw was found in 389 Directory Server. The Content Synchronization persistent search plugin allows unbounded memory growth when an authenticated client stops reading sync responses, enabling denial of service. Additional race conditions in plugin thread lifecycle can cause crashes during connection teardown or shutdown.

Affected Products
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Directory Server 11
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
redhat-ds:11/389-ds-base
CPEs
  • cpe:/a:redhat:directory_server:11
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Directory Server 12
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
redhat-ds:12/389-ds-base
CPEs
  • cpe:/a:redhat:directory_server:12
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Directory Server 13
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
389-ds-base
CPEs
  • cpe:/a:redhat:directory_server:13
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 10
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
389-ds-base
CPEs
  • cpe:/o:redhat:enterprise_linux:10
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 6
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
389-ds-base
CPEs
  • cpe:/o:redhat:enterprise_linux:6
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 7
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
389-ds-base
CPEs
  • cpe:/o:redhat:enterprise_linux:7
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 8
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
389-ds-base
CPEs
  • cpe:/o:redhat:enterprise_linux:8
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 9
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
389-ds-base
CPEs
  • cpe:/o:redhat:enterprise_linux:9
Default Status
affected
Problem Types
TypeCWE IDDescription
CWECWE-400Uncontrolled Resource Consumption
Type: CWE
CWE ID: CWE-400
Description: Uncontrolled Resource Consumption
Metrics
VersionBase scoreBase severityVector
3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Red Hat severity rating
value:
Moderate
namespace:
https://access.redhat.com/security/updates/classification/
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds

Bug 1 (Queue DoS): Reduce SYNC_MAX_CONCURRENT from the default of 10 to minimize the number of clients that can accumulate queues. Apply network-level rate limiting on persistent sync search requests. Monitor client connections and terminate stalled sync clients that stop reading for an extended period. Set system-level memory limits (e.g., LimitAS= in the systemd unit file or cgroup memory limits) to prevent unbounded memory growth. Bugs 2 and 3: No workaround available — these are code-level race conditions that require source fixes.

Exploits
Credits
Timeline
EventDate
Reported to Red Hat.2026-04-16 00:00:00
Made public.2026-04-16 00:00:00
Event: Reported to Red Hat.
Date: 2026-04-16 00:00:00
Event: Made public.
Date: 2026-04-16 00:00:00
Replaced By
Rejected Reason
References
HyperlinkResource
https://access.redhat.com/security/cve/CVE-2026-11611
vdb-entry
x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2485424
issue-tracking
x_refsource_REDHAT
https://redhat.atlassian.net/browse/PSIRTSUPT-7600
N/A
Hyperlink: https://access.redhat.com/security/cve/CVE-2026-11611
Resource:
vdb-entry
x_refsource_REDHAT
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2485424
Resource:
issue-tracking
x_refsource_REDHAT
Hyperlink: https://redhat.atlassian.net/browse/PSIRTSUPT-7600
Resource: N/A
Details not found