diff --git a/SOURCES/0001-ITS-9904-ldap_url_parsehosts-check-for-strdup-failur.patch b/SOURCES/0001-ITS-9904-ldap_url_parsehosts-check-for-strdup-failur.patch
new file mode 100644
index 0000000..d8aed95
--- /dev/null
+++ b/SOURCES/0001-ITS-9904-ldap_url_parsehosts-check-for-strdup-failur.patch
@@ -0,0 +1,72 @@
+From 840944e26f734bb03d925f26c4ef11a6cedcbb9c Mon Sep 17 00:00:00 2001
+From: Howard Chu <hyc@openldap.org>
+Date: Thu, 25 Aug 2022 16:13:21 +0100
+Subject: [PATCH] ITS#9904 ldap_url_parsehosts: check for strdup failure
+
+Avoid unnecessary strdup in IPv6 addr parsing, check for strdup
+failure when dup'ing scheme.
+
+Code present since 2000, 8da110a9e726dbc612b302feafe0109271e6bc59
+---
+ libraries/libldap/url.c | 21 ++++++++++++---------
+ 1 file changed, 12 insertions(+), 9 deletions(-)
+
+diff --git a/libraries/libldap/url.c b/libraries/libldap/url.c
+index dcf2aac9e8..493fd7ce47 100644
+--- a/libraries/libldap/url.c
++++ b/libraries/libldap/url.c
+@@ -1385,24 +1385,22 @@ ldap_url_parsehosts(
+ 		}
+ 		ludp->lud_port = port;
+ 		ludp->lud_host = specs[i];
+-		specs[i] = NULL;
+ 		p = strchr(ludp->lud_host, ':');
+ 		if (p != NULL) {
+ 			/* more than one :, IPv6 address */
+ 			if ( strchr(p+1, ':') != NULL ) {
+ 				/* allow [address] and [address]:port */
+ 				if ( *ludp->lud_host == '[' ) {
+-					p = LDAP_STRDUP(ludp->lud_host+1);
+-					/* copied, make sure we free source later */
+-					specs[i] = ludp->lud_host;
+-					ludp->lud_host = p;
+-					p = strchr( ludp->lud_host, ']' );
++					p = strchr( ludp->lud_host+1, ']' );
+ 					if ( p == NULL ) {
+ 						LDAP_FREE(ludp);
+ 						ldap_charray_free(specs);
+ 						return LDAP_PARAM_ERROR;
+ 					}
+-					*p++ = '\0';
++					/* Truncate trailing ']' and shift hostname down 1 char */
++					*p = '\0';
++					AC_MEMCPY( ludp->lud_host, ludp->lud_host+1, p - ludp->lud_host );
++					p++;
+ 					if ( *p != ':' ) {
+ 						if ( *p != '\0' ) {
+ 							LDAP_FREE(ludp);
+@@ -1428,14 +1426,19 @@ ldap_url_parsehosts(
+ 				}
+ 			}
+ 		}
+-		ldap_pvt_hex_unescape(ludp->lud_host);
+ 		ludp->lud_scheme = LDAP_STRDUP("ldap");
++		if ( ludp->lud_scheme == NULL ) {
++			LDAP_FREE(ludp);
++			ldap_charray_free(specs);
++			return LDAP_NO_MEMORY;
++		}
++		specs[i] = NULL;
++		ldap_pvt_hex_unescape(ludp->lud_host);
+ 		ludp->lud_next = *ludlist;
+ 		*ludlist = ludp;
+ 	}
+ 
+ 	/* this should be an array of NULLs now */
+-	/* except entries starting with [ */
+ 	ldap_charray_free(specs);
+ 	return LDAP_SUCCESS;
+ }
+-- 
+2.44.0
+
diff --git a/SOURCES/0001-ITS-9904-ldif_open_url-check-for-ber_strdup-failure.patch b/SOURCES/0001-ITS-9904-ldif_open_url-check-for-ber_strdup-failure.patch
new file mode 100644
index 0000000..9d2d774
--- /dev/null
+++ b/SOURCES/0001-ITS-9904-ldif_open_url-check-for-ber_strdup-failure.patch
@@ -0,0 +1,26 @@
+From c5c8c06a8bd52ea7b843e7d8ca961a7d1800ce5f Mon Sep 17 00:00:00 2001
+From: Howard Chu <hyc@openldap.org>
+Date: Wed, 24 Aug 2022 14:40:51 +0100
+Subject: [PATCH] ITS#9904 ldif_open_url: check for ber_strdup failure
+
+Code present since 1999, df8f7cbb9b79be3be9205d116d1dd0b263d6861a
+---
+ libraries/libldap/fetch.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/libraries/libldap/fetch.c b/libraries/libldap/fetch.c
+index 9e426dc647..536871bcfe 100644
+--- a/libraries/libldap/fetch.c
++++ b/libraries/libldap/fetch.c
+@@ -69,6 +69,8 @@ ldif_open_url(
+ 		}
+ 
+ 		p = ber_strdup( urlstr );
++		if ( p == NULL )
++			return NULL;
+ 
+ 		/* But we should convert to LDAP_DIRSEP before use */
+ 		if ( LDAP_DIRSEP[0] != '/' ) {
+-- 
+2.44.0
+
diff --git a/SPECS/openldap.spec b/SPECS/openldap.spec
index feae96b..0600067 100644
--- a/SPECS/openldap.spec
+++ b/SPECS/openldap.spec
@@ -5,7 +5,7 @@
 
 Name: openldap
 Version: 2.4.46
-Release: 18%{?dist}
+Release: 19%{?dist}
 Summary: LDAP support libraries
 License: OpenLDAP
 URL: http://www.openldap.org/
@@ -58,6 +58,8 @@ Patch61: openldap-cbinding-Convert-test077-to-LDIF-config.patch
 Patch62: openldap-cbinding-Update-keys-to-RSA-4096.patch
 Patch63: openldap-add-TLS_REQSAN-option.patch
 Patch64: openldap-change-TLS_REQSAN-default-to-TRY.patch
+Patch65: 0001-ITS-9904-ldap_url_parsehosts-check-for-strdup-failur.patch
+Patch66: 0001-ITS-9904-ldif_open_url-check-for-ber_strdup-failure.patch
 
 # check-password module specific patches
 Patch90: check-password-makefile.patch
@@ -153,6 +155,8 @@ AUTOMAKE=%{_bindir}/true autoreconf -fi
 %patch62 -p1
 %patch63 -p1
 %patch64 -p1
+%patch65 -p1
+%patch66 -p1
 
 # build smbk5pwd with other overlays
 ln -s ../../../contrib/slapd-modules/smbk5pwd/smbk5pwd.c servers/slapd/overlays
@@ -522,6 +526,10 @@ exit 0
 %{_mandir}/man3/*
 
 %changelog
+* Tue Apr 30 2024 Simon Pichugin <spichugi@redhat.com> - 2.4.46-19
+- Bump version to 2.4.46-19
+- Resolves: RHEL-34283 - openldap: null pointer dereference in ber_memalloc_x function
+
 * Thu Aug  5 2021 Simon Pichugin <spichugi@redhat.com> - 2.4.46-18
 - Add TLS_REQSAN option and change the default to TRY (#1814674)