A double-free of a password policy structure was found in the way slapd was handling certain errors during persistent search. A unauthenticated attacker could use this flaw to crash Directory Server.
A flaw was found in 389-ds-base. The process ns-slapd crashes in delete_passwdPolicy function when persistent search connections are terminated unexpectedly leading to remote denial of service.
Name: Viktor Ashirov (Red Hat)
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2018:2757 https://access.redhat.com/errata/RHSA-2018:2757
Created 389-ds-base tracking bugs for this issue:
Affects: fedora-all [bug 1637870]