Red Hat Bugzilla – Bug 1527076
CVE-2017-17740 openldap: contrib/slapd-modules/nops/nops.c attempts to free stack buffer allowing remote attackers to cause a denial of service
Last modified: 2018-04-23 06:44:30 EDT
contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.
Created openldap tracking bugs for this issue:
Affects: fedora-all [bug 1527078]
JBoss EAP 5 is EOL so won't be receiving updates for moderate security issues.
JBoss Core Services and Web Server do not provide slapd and don't use the affected module.