OpenLDAP slapd has two bugs that allow a remote unauthenticated client to crash the LDAP server.
The deref overlay in slapd 2.4.13 through 2.4.40 dereferences a NULL pointer when a search request includes the Deref control with an empty list of attributes to return (missing input validation).
Certain search queries including the Matched Values control can trigger a double free in slapd 2.4.40 when freeing operation controls. This is a regression in 2.4.40; no earlier releases are affected.
May we have CVEs assigned to these, please?
@maintainers: openldap 2.4.40 is already in tree, is net-nds/openldap-2.4.40-r3 (or another revision) ready for stabilization?
Double free vulnerability in the get_vrFilter function in servers/slapd/filter.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service (crash) via a crafted search query with a matched values control.
The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an empty attribute list in a deref control in a search request.
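The input validation that the deref control issue above calls for, as an added example (not OpenLDAP's code and not part of the original thread): a Python validator for the control value that rejects an empty attribute list before anything else uses it. The ASN.1 layout (a SEQUENCE OF DerefSpec, each a SEQUENCE of derefAttr plus a SEQUENCE OF attribute descriptions) is assumed from the LDAP dereference control draft; all function names and the sample bytes are constructed for illustration.

```python
# Added example: validate a Deref control value; layout assumed from the draft.
SEQ, OCTET = 0x30, 0x04
def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for one definite-length BER TLV."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low bits give the number of length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def children(buf):  # split constructed content into (tag, value) pairs
    out, pos = [], 0
    while pos < len(buf):
        tag, val, pos = read_tlv(buf, pos)
        out.append((tag, val))
    return out

def parse_deref_control(value):
    """Return [(derefAttr, [attr, ...])] or raise ValueError on bad input."""
    tag, body, end = read_tlv(value, 0)
    if tag != SEQ or end != len(value):
        raise ValueError("control value must be exactly one SEQUENCE")
    specs = []
    for tag, spec in children(body):
        parts = children(spec) if tag == SEQ else []
        if len(parts) != 2 or parts[0][0] != OCTET or parts[1][0] != SEQ:
            raise ValueError("malformed DerefSpec")
        attrs = children(parts[1][1])
        if not attrs:  # the case the deref overlay failed to reject
            raise ValueError("empty attribute list in DerefSpec")
        if any(t != OCTET or not v for t, v in attrs):
            raise ValueError("malformed attribute description")
        specs.append((parts[0][1].decode(), [v.decode() for _, v in attrs]))
    if not specs:
        raise ValueError("control value contains no DerefSpec")
    return specs

def tlv(tag, payload):  # helper for the constructed samples (short lengths only)
    return bytes([tag, len(payload)]) + payload
GOOD = tlv(SEQ, tlv(SEQ, tlv(OCTET, b"member") + tlv(SEQ, tlv(OCTET, b"cn") + tlv(OCTET, b"mail"))))
EMPTY = tlv(SEQ, tlv(SEQ, tlv(OCTET, b"member") + tlv(SEQ, b"")))
```

The point of the structure is that every downstream consumer receives either a fully validated list or an error, never a partially initialised specification.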
Anyone want to stabilize here?
I would try with 2.4.44, so as not to load the arch teams further by stabilizing a newer one later :/
Stabilization of =net-nds/openldap-2.4.44 started in sec bug 560424.
tree is clean