Integer Underflow

Affecting openldap package, versions <2.4.44+dfsg-5+deb9u7

Overview

Affected versions of this package are vulnerable to Integer Underflow. An integer underflow was discovered in OpenLDAP before 2.4.57 leading to slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck).

Remediation

Upgrade openldap to version or higher.

References

• ADVISORY
• CONFIRM
• DEBIAN
• MISC
• MISC
• MISC
• MISC
• MISC
• MLIST