389-ds-base is vulnerable to denial of service. A remote unauthenticated attacker is able to crash the application in a buffer overflow using a malicious LDAP request containing long search filters with unescaped characters.
www.securityfocus.com/bid/104137
access.redhat.com/errata/RHSA-2018:1364
access.redhat.com/errata/RHSA-2018:1380
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=1554720
bugzilla.redhat.com/show_bug.cgi?id=1559464
bugzilla.redhat.com/show_bug.cgi?id=1559760
bugzilla.redhat.com/show_bug.cgi?id=1559764
bugzilla.redhat.com/show_bug.cgi?id=1563079
bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1089
lists.debian.org/debian-lts-announce/2018/07/msg00018.html