denis.andzakovic@security-assessment.com wrote:
Full_Name: Denis Andzakovic
Version: 2.4.42
OS: Debian 8
URL:
Submission from: (NULL) (2402:6000:110:a01:743b:8319:1f96:bd89)

OpenLDAP ber_get_next Denial of Service
Affected Versions: OpenLDAP <= 2.4.42

+----------+
| Solution |
+----------+

Ensure that data received from untrusted sources is not able to trigger conditions resulting in the server crashing. In this specific instance, the NDEBUG macro should be defined before the inclusion of assert.h by default, requiring a specific compile time alteration to enable debug.

Our patch response was too hasty. There is no OpenLDAP bug here, the real issue is production binaries being built with asserts enabled instead of compiling with -DNDEBUG. That's an issue for packagers and distros to resolve. Closing this ITS, not an OpenLDAP bug.
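
The two positions in this thread, shown together as an added example (not OpenLDAP code and not the code path from this report): a BER length decoder that returns an error for malformed or oversized wire data and uses assert() only for its caller contract, so it behaves the same with or without -DNDEBUG. The names decode_ber_length, ber_status and BER_MAX_LEN, and the limit's value, are assumptions.

```c
/* Added example, not OpenLDAP code: decode a BER length from untrusted bytes. */
#include <assert.h>
#include <stddef.h>
#include <stdint.h>

#define BER_MAX_LEN 0x00ffffffu /* assumed policy limit (hypothetical) */

enum ber_status { BER_OK = 0, BER_NEED_MORE = 1, BER_INVALID = -1 };

/* Hypothetical helper: on BER_OK, *len is the content length and *used the
 * number of length octets consumed. */
static enum ber_status
decode_ber_length(const uint8_t *buf, size_t avail, uint32_t *len, size_t *used)
{
    /* Caller contract, not wire data: fine to assert; gone under -DNDEBUG. */
    assert(buf != NULL && len != NULL && used != NULL);

    if (avail == 0)
        return BER_NEED_MORE;

    uint8_t first = buf[0];
    if ((first & 0x80) == 0) {          /* short form: 0..127 */
        *len = first;
        *used = 1;
        return BER_OK;
    }

    size_t n = first & 0x7f;            /* long form: n length octets follow */
    if (n == 0 || n > sizeof(uint32_t)) /* indefinite or too wide: reject */
        return BER_INVALID;
    if (avail < 1 + n)                  /* truncated: wait for more input */
        return BER_NEED_MORE;

    uint32_t value = 0;
    for (size_t i = 0; i < n; i++)
        value = (value << 8) | buf[1 + i];
    if (value > BER_MAX_LEN)            /* peer-controlled: error, never assert */
        return BER_INVALID;

    *len = value;
    *used = 1 + n;
    return BER_OK;
}

int main(void)
{
    const uint8_t sample[] = { 0x82, 0x01, 0x00 }; /* constructed: length 256 */
    uint32_t len; size_t used;
    return decode_ber_length(sample, sizeof sample, &len, &used) == BER_OK ? 0 : 1;
}
```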