A double-free was found in the way 389-ds-base handles virtual attributes context in persistent searches. An attacker could send a series of search requests, forcing the server to behave unexpectedly, and crash.
https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html