Vulnerability CVE-2022-32746: Information

Description

A flaw was found in the Samba AD LDAP server. The AD DC database audit logging module can access LDAP message values freed by a preceding database module, resulting in a use-after-free issue. This issue is only possible when modifying certain privileged attributes, such as userAccountControl.

Severity: MEDIUM (5.4) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

URL: https://nvd.nist.gov/vuln/detail/CVE-2022-32746
Published: Aug. 25, 2022
Modified: Sept. 17, 2023
Error type identifier: CWE-416

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
sambasisyphus4.15.9-alt14.20.1-alt2ALT-PU-2022-2322-1304593Fixed
sambasisyphus_e2k4.15.9-alt14.20.1-alt1ALT-PU-2022-5705-1-Fixed
sambasisyphus_riscv644.15.9-alt14.20.1-alt2ALT-PU-2022-5651-1-Fixed
sambap104.15.9-alt14.19.6-alt2ALT-PU-2022-2438-1302667Fixed
sambap10_e2k4.15.9-alt14.19.6-alt2ALT-PU-2022-5796-1-Fixed
sambac10f14.15.9-alt14.16.11-alt2ALT-PU-2022-2438-1302667Fixed
sambac9f24.14.14-alt0.c9.14.14.14-alt0.c9.1ALT-PU-2023-1616-1316738Fixed
sambap114.15.9-alt14.20.1-alt1ALT-PU-2022-2322-1304593Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://www.samba.org/samba/security/CVE-2022-32746.html
  • Patch
  • Vendor Advisory
GLSA-202309-06

      1. Configuration 1

        cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
        Start including
        4.16.0
        End excliding
        4.16.4
        cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
        Start including
        4.15.0
        End excliding
        4.15.9
        cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
        Start including
        4.3.0
        End excliding
        4.14.14
    VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
    Version: v24.5.3
    Back to top