contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.
Created openldap tracking bugs for this issue:
Affects: fedora-all [bug 1527078]
JBoss EAP 5 is EOL so won't be receiving updates for moderate security issues.
JBoss Core Services and Web Server do not provide slapd and don't use the affected module.