CVE-2022-32746

Name
CVE-2022-32746
Description
A flaw was found in the Samba AD LDAP server. The AD DC database audit logging module can access LDAP message values freed by a preceding database module, resulting in a use-after-free issue. This issue is only possible when modifying certain privileged attributes, such as userAccountControl.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://www.samba.org/samba/security/CVE-2022-32746.html
GENTOO https://security.gentoo.org/glsa/202309-06

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:* samba >= 4.16.0 < 4.16.4
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:* samba >= 4.15.0 < 4.15.9
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:* samba >= 4.3.0 < 4.14.14

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
samba 3.13-main 4.13.17-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
samba 3.14-main 4.14.14-r0 Natanael Copa <ncopa@alpinelinux.org> fixed