A malicious packet can force OpenLDAP to fail an assertion in the csnNormalize23 function in servers/slapd/schema_init.c. Reference: https://bugs.openldap.org/show_bug.cgi?id=9384 Upstream patch: https://git.openldap.org/openldap/openldap/-/commit/bdb0d459187522a6063df13871b82ba8dcc6efe2
Created openldap tracking bugs for this issue: Affects: fedora-all [bug 1899679]
External References: https://git.openldap.org/openldap/openldap/-/commit/ab3915154e69920d480205b4bf5ccb2b391a0a1f#a2feb6ed0257c21c6672793ee2f94eaadc10c72c
Statement: This flaw does not affect Red Hat Enterprise Linux 8 because the slapd server is not shipped in the Red Hat Enterprise Linux 8 repositories.
This issue has been addressed in the following products: Red Hat Enterprise Linux 7, via RHSA-2022:0621 https://access.redhat.com/errata/RHSA-2022:0621
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-25710