A flaw was found in 389-ds-base 1.3.6.1. Improper handling of a search filter in slapi_filter_sprintf in slapd/util.c can lead to remote server crash and denial of service. Upstream patch: https://pagure.io/389-ds-base/c/6aa2acdc3cad9
Created 389-ds-base tracking bugs for this issue: Affects: fedora-all [bug 1536983]
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2018:0163 https://access.redhat.com/errata/RHSA-2018:0163
Fixed upstream in versions 1.3.6.13, 1.3.7.9, and 1.4.0.5: http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-6-13.html http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-7-9.html http://directory.fedoraproject.org/docs/389ds/releases/release-1-4-0-5.html