===========================================================
== Subject:     Samba AD users can crash the server process with an
==              LDAP add or modify request.
==
== CVE ID#:     CVE-2022-32745
==
== Versions:    Samba 4.16, 4.15.2, 4.14.10, 4.13.14 and later
==
== Summary:     Samba AD users can cause the server to access
==              uninitialised data, usually leading to segmentation
==              faults, by making an LDAP add or modify request.
===========================================================

===========
Description
===========

Due to incorrect values used as the limit for a loop and as the
'count' parameter to memcpy(), the server, receiving a specially
crafted message, fails to fully initialise an array of structures, or
accesses an arbitrary element beyond the end of an array.

Outcomes achievable by an attacker include segmentation faults and
corresponding loss of availability.

==================
Patch Availability
==================

Patches addressing both these issues have been posted to:

    https://www.samba.org/samba/security/

Additionally, Samba 4.14.14, 4.15.8, and 4.16.2 have been issued
as security releases to correct the defect. Samba administrators are
advised to upgrade to these releases or apply the patch as soon
as possible.

==================
CVSSv3 calculation
==================

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L (4.3)

==========
Workaround
==========

None.

=======
Credits
=======

Initial report, patches, and this advisory by Joseph Sutton of
Catalyst and the Samba Team.

==========================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
==========================================================
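
Added example (not part of the Samba Team's advisory): a triage helper that
classifies the output of `smbd --version` against the version data above.
The function name, the result labels, the sample inventory and the reading
of the "Versions" line as per-branch minimum patch levels are assumptions.

```python
import re

# Per-branch data taken from this advisory. Reading "4.16, 4.15.2, 4.14.10,
# 4.13.14 and later" as per-branch minimum patch levels is an assumption.
AFFECTED_FROM = {(4, 13): 14, (4, 14): 10, (4, 15): 2, (4, 16): 0}
# Security releases named under "Patch Availability"; none is listed for 4.13.
FIXED_IN = {(4, 14): 14, (4, 15): 8, (4, 16): 2}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def classify(version_text):
    """Classify a Samba version string against CVE-2022-32745.

    Returns one of:
      "affected"     - in a listed branch, at or past the affected patch level,
                       and older than that branch's security release (if any)
      "fixed"        - at or past the security release for its branch
      "not-affected" - in a listed branch but older than the affected level
      "not-listed"   - branch does not appear in the advisory at all
    """
    match = _VERSION_RE.search(version_text)
    if match is None:
        raise ValueError(f"no x.y.z version found in {version_text!r}")
    major, minor, patch = (int(part) for part in match.groups())
    branch = (major, minor)
    if branch not in AFFECTED_FROM:
        return "not-listed"
    if patch < AFFECTED_FROM[branch]:
        return "not-affected"
    fixed = FIXED_IN.get(branch)
    if fixed is not None and patch >= fixed:
        return "fixed"
    return "affected"


if __name__ == "__main__":
    # Constructed sample inventory: host name -> output of `smbd --version`.
    inventory = {
        "dc1.example.test": "Version 4.15.7",
        "dc2.example.test": "Version 4.16.2",
        "dc3.example.test": "Version 4.13.17",
    }
    for host, banner in sorted(inventory.items()):
        print(f"{host}: {banner} -> {classify(banner)}")
```

The version string does not show a distribution backport or a manually
applied patch, so an "affected" result on a vendor-packaged build should be
confirmed against the package changelog.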