Univention Bugzilla – Bug 54627
Denial of service: slapd (5.0)
Last modified: 2022-04-20 19:14:46 CEST
We need to backport the patch for this DoS issue. It doesn't have a CVE. https://bugs.openldap.org/show_bug.cgi?id=9124
Another DoS attack vector, based on a malformed Cancel ext.op., which you should also fix in one go: https://bugs.openldap.org/show_bug.cgi?id=9428 In general, OpenLDAP security fixes rarely have CVE-IDs assigned. :-(
The second one is already in upstream Debian package version 2.4.47+dfsg-3+deb10u6, which we automatically track and update: debian/patches/ITS-9428-fix-cancel-exop.patch
r19560 | 99_ITS-9124-Null-pointer-dereference-in-ber_skip_tag.quilt
431db1ac12 | Advisory
Package: openldap
Version: 2.4.47+dfsg-3+deb10u6A~5.0.0.202203311540
Branch: ucs_5.0-0
Scope: errata5.0-1
Tests: OK
Patch applied: OK
Package built: OK
Installation: OK
Verified
<https://errata.software-univention.de/#/?erratum=5.0x289>