A vulnerability was discovered in the 389 Directory Server that allows an unauthenticated attacker with network access to the LDAP port to cause a denial of service. The denial of service is triggered by a single message sent over a TCP connection; no bind or other authentication is required. The message triggers a segmentation fault that results in slapd crashing.
Any upstream report? Or patch? The CVE only has this as a reference, which isn't really useful for CVE downstreams.
Created 389-ds-base tracking bugs for this issue: Affects: fedora-all [bug 2067988]
This issue has been addressed in the following products: Red Hat Directory Server 11.5 for RHEL 8 Via RHSA-2022:2210 https://access.redhat.com/errata/RHSA-2022:2210
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-0918
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2022:5239 https://access.redhat.com/errata/RHSA-2022:5239
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2022:5620 https://access.redhat.com/errata/RHSA-2022:5620
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:5823 https://access.redhat.com/errata/RHSA-2022:5823
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2022:8162 https://access.redhat.com/errata/RHSA-2022:8162
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2022:8976 https://access.redhat.com/errata/RHSA-2022:8976