Openldap · Openldap · CVE-2010-0211
**Name of the Vulnerable Software and Affected Versions**
openldap versions 2.2.13 through 2.4.22
openldap versions prior to 2.4.35
openldap-clients-2.2.13
openldap-servers-2.2.13
openldap-servers-sql-2.2.13
openldap-devel-2.2.13
compat-openldap-2.1.30
libldap-2.4-2
libldap-2.4-2-dbg
libldap2-dev
slapd
slapd-dbg
**Description**
This entry covers one of several vulnerabilities in the OpenLDAP package; it can be exploited remotely and results in a loss of availability of the directory service. The `slap_modrdn2mods` function in `modrdn.c` does not check the return value of its call to the `smr_normalize` function, which allows remote attackers to cause a denial of service, and possibly to execute arbitrary code, via a modrdn request whose RDN string contains invalid UTF-8 sequences.
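As an added illustration in C (not OpenLDAP's code), the unchecked-return pattern behind this bug and its hardened form: `rdn_normalize` and `modrdn_checked` are hypothetical stand-ins for `smr_normalize` and `slap_modrdn2mods`, and the validator performs only a basic UTF-8 well-formedness check.

```c
/* Added illustration of the bug class behind CVE-2010-0211: an RDN normalizer
 * whose error return is ignored. Not OpenLDAP's code; rdn_normalize and
 * modrdn_checked are hypothetical stand-ins for smr_normalize/slap_modrdn2mods. */
#include <stdlib.h>
#include <string.h>

#define LDAP_SUCCESS        0
#define LDAP_INVALID_SYNTAX 21   /* standard LDAP result codes */
#define LDAP_OTHER          80
/* Length of the well-formed UTF-8 sequence at s, or 0 if malformed (bad lead
 * byte, truncated, bad continuation). Not every overlong 3/4-byte form is caught. */
static size_t utf8_seq_len(const unsigned char *s, size_t remaining)
{
    size_t n = 0;
    if (s[0] < 0x80) return 1;
    if ((s[0] & 0xE0) == 0xC0 && s[0] >= 0xC2) n = 2;
    else if ((s[0] & 0xF0) == 0xE0) n = 3;
    else if ((s[0] & 0xF8) == 0xF0 && s[0] <= 0xF4) n = 4;
    if (n == 0 || n > remaining) return 0;
    for (size_t i = 1; i < n; i++) if ((s[i] & 0xC0) != 0x80) return 0;
    return n;
}

/* Stand-in for smr_normalize: stores a malloc'd copy in *out and returns
 * LDAP_SUCCESS, or returns LDAP_INVALID_SYNTAX and leaves *out untouched. */
int rdn_normalize(const char *rdn, char **out)
{
    const unsigned char *p = (const unsigned char *)rdn;
    size_t len = strlen(rdn);
    for (size_t i = 0, n; i < len; i += n) {
        if ((n = utf8_seq_len(p + i, len - i)) == 0) return LDAP_INVALID_SYNTAX;
    }
    if ((*out = malloc(len + 1)) == NULL) return LDAP_OTHER;
    memcpy(*out, rdn, len + 1);
    return LDAP_SUCCESS;
}

/* Hardened handler: checks rc before using the normalized value, the check the
 * affected slap_modrdn2mods lacked. Returns the LDAP result code; *out_len gets
 * the normalized RDN length, or 0 when the request is rejected. */
int modrdn_checked(const char *new_rdn, size_t *out_len)
{
    char *normalized = NULL;
    int rc = rdn_normalize(new_rdn, &normalized);
    *out_len = 0;
    if (rc != LDAP_SUCCESS) return rc;   /* reject rather than use the unset pointer */
    *out_len = strlen(normalized);
    free(normalized);
    return LDAP_SUCCESS;
}
```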
**Recommendations**
For openldap versions 2.2.13 through 2.4.22, update to a version later than 2.4.22.
For openldap versions prior to 2.4.35, update to version 2.4.35 or later.
For openldap-clients-2.2.13, openldap-servers-2.2.13, openldap-servers-sql-2.2.13, openldap-devel-2.2.13, compat-openldap-2.1.30, libldap-2.4-2, libldap-2.4-2-dbg, libldap2-dev, slapd, and slapd-dbg, update to the latest available version.
As a temporary workaround, consider disabling the `slap_modrdn2mods` function until a patch is available.
Restrict access to the vulnerable OpenLDAP modules to minimize the risk of exploitation.