A vulnerability was found in slapo-pcache in slapd of OpenLDAP prior to 2.3.39 when running as a proxy-caching server. It would allocate memory using a malloc variant rather than calloc, which prevented an array from being properly initialized and could possibly allow attackers to cause a denial of service . Two vulnerabilities were found in how slapd handled modify and modrdn requests with NOOP control on objects stored in the BDB backend. An authenticated user with permission to perform modify or modrdn operations could cause slapd to crash. The updated packages have been patched to correct these issues.