===========================================================
== Subject:     Samba AD users can crash the server process with an
==              LDAP add or modify request.
==
== CVE ID#:     CVE-2022-32745
==
== Versions:    Samba 4.16, 4.15.2, 4.14.10, 4.13.14, and later
==
== Summary:     Samba AD users can cause the server to access
==              uninitialised data with an LDAP add or modify request,
==              usually resulting in a segmentation fault.
===========================================================

===========
Description
===========

Due to incorrect values used as the limit for a loop and as the
'count' parameter to memcpy(), the server, receiving a specially
crafted message, leaves an array of structures partially
uninitialised, or accesses an arbitrary element beyond the end of an
array.

Outcomes achievable by an attacker include segmentation faults and
corresponding loss of availability. Depending on the contents of the
uninitialised memory, confidentiality may also be affected.

==================
Patch Availability
==================

Patches addressing both these issues have been posted to:

    https://www.samba.org/samba/security/

Additionally, Samba 4.14.next, 4.15.next, and 4.16.next have been issued
as security releases to correct the defect. Samba administrators are
advised to upgrade to these releases or apply the patch as soon
as possible.

==================
CVSSv3 calculation
==================

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L (5.4)

==========
Workaround
==========

None.

=======
Credits
=======

Initial report, patches, and this advisory by Joseph Sutton of
Catalyst and the Samba Team.

==========================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
==========================================================