...

Is this a know bug (see ITS#6570) or something new? Is there a workaround it?

AFAIK it is not known. I am able to reproduce it (Linux, HEAD code), so I suggest you file an ITS. With respect to a workaround, it is not clear what's the purpose of the operation you're trying to accomplish. In general, a modrdn on the empty DN should be meaningless (although it should not crash the server).

A fix is in HEAD (slapd/modrdn.c); please test. p.