Samba AD LDAP UAF on LDAP Message Value during Privileged Attribute Modify
CVE-2022-32746 Published on August 25, 2022

A flaw was found in the Samba AD LDAP server. The AD DC database audit logging module can access LDAP message values freed by a preceding database module, resulting in a use-after-free issue. This issue is only possible when modifying certain privileged attributes, such as userAccountControl.

Vendor Advisory NVD

Weakness Type

What is a Dangling pointer Vulnerability?

Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

CVE-2022-32746 has been classified to as a Dangling pointer vulnerability or weakness.

Products Associated with CVE-2022-32746

Want to know whenever a new CVE is published for Samba? stack.watch will email you.

Samba

Exploit Probability

EPSS

0.30%

Percentile

53.13%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Samba AD LDAP UAF on LDAP Message Value during Privileged Attribute ModifyCVE-2022-32746 Published on August 25, 2022

Weakness Type

What is a Dangling pointer Vulnerability?

Products Associated with CVE-2022-32746

Exploit Probability

Samba AD LDAP UAF on LDAP Message Value during Privileged Attribute Modify
CVE-2022-32746 Published on August 25, 2022