What the vulnerability does

01Description

A flaw was found in the Samba AD LDAP server. The AD DC database audit logging module can access LDAP message values freed by a preceding database module, resulting in a use-after-free issue. This issue is only possible when modifying certain privileged attributes, such as userAccountControl.

Key dates

02Disclosure timeline

August 25, 2022 CVE published
August 3, 2024 Record updated