IMO this doesn't qualify for a CVE and the reporter is just trying to pad his resume with fluff. In practice reads are non-destructive and 1 byte beyond an allocated buffer isn't going to break anything. Note that there is zero impact on slapd itself, because all of our uses explicitly pad one extra byte on message allocations. So this is only a potential problem for 3rd party users of liblber/ber_init2, a function that wasn't part of the old LDAP API RFC and is specific to OpenLDAP's liblber. I.e., no standard-compliant apps are using it.

Any other opinions?