A vulnerability in Red Hat Directory Server and the 389 Directory Server was discovered. The code that parses the GER request (_ger_parse_control()) can dereference a NULL pointer. An unauthenticated user able to communicate with the Directory Server could use a crafted search query that would cause the Directory Server to crash.
This issue has been assigned the name CVE-2010-2222.
Created attachment 424540
patch to correct the flaw
This bug was only introduced recently in the following commit:
Therefore, this issue did not affect any released version of Red Hat Directory Server.
(In reply to comment #2)
> Created an attachment (id=424540)
> patch to correct the flaw
Committed to git: