In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash).
Created openldap tracking bugs for this issue:
Affects: fedora-all [bug 1833536]
This vulnerability is out of security support scope for the following products:
* Red Hat Enterprise Application Platform 5
* Red Hat JBoss Enterprise Web Server 2
Please refer to https://access.redhat.com/support/policy/updates/jboss_notes for more details.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2020:4041 https://access.redhat.com/errata/RHSA-2020:4041
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
While doing a review of the Vulnerability Assessment report of RHEL 8.6 for the purpose of Common Criteria certification, we came across this CVE-2020-12243. The CVE page https://access.redhat.com/security/cve/cve-2020-12243 lists RHEL 8 as Not affected.
Could a Statement be added to that CVE page that RHEL 8 is not affected because it does not ship slapd, similar to https://access.redhat.com/security/cve/cve-2020-36221?
Thank you, Jan
In reply to comment #9:
> Could a Statement be added to that CVE page that RHEL 8 is not affected