Samba 4.0.0 before Samba 4.9.15 NULL Pointer Dereference Vulnerability


Since Samba 4.0.0, Samba has implemented, in the AD DC, the “dirsync” LDAP control specified in MS-ADTS “LDAP_SERVER_DIRSYNC_OID”. However, when combined with the ranged results feature specified in MS-ADTS “Range Retrieval of Attribute Values”, a NULL pointer can be dereferenced. This is a Denial of Service only; no further escalation of privilege is associated with this issue. Samba 4.11 is not affected, as the issue was fixed as a result of Coverity static analysis before the potential for denial of service became apparent.




The information has been provided by Adam Xu

The original article can be found at:



A flaw was found in Samba 4.0.0 before Samba 4.9.15 and Samba 4.10.x before 4.10.10. An attacker can crash the AD DC LDAP server via dirsync, resulting in a denial of service. Privilege escalation is not possible with this issue.


Vulnerable Systems:

Samba 4.0.0 before Samba 4.9.15

Samba 4.10.x before 4.10.10
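
A first-pass triage of a host inventory against the version ranges listed above, as an added example that is not part of the original advisory or of Samba's own code. The host names, banner strings and the `is_ad_dc` flag are constructed inputs; distribution packages can backport fixes without changing the upstream version number, so a match is a prompt to check the vendor changelog.

```python
import re

# Upstream ranges exactly as this advisory lists them (half-open intervals):
#   4.0.0 <= v < 4.9.15   and   4.10.0 <= v < 4.10.10.  4.11 is not affected.
AFFECTED_RANGES = [((4, 0, 0), (4, 9, 15)), ((4, 10, 0), (4, 10, 10))]

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(banner):
    """Pull the first x.y.z out of a banner such as 'Version 4.9.5-Debian'."""
    m = _VERSION_RE.search(banner or "")
    return tuple(int(p) for p in m.groups()) if m else None


def in_affected_range(version):
    """Compare numerically, so 4.9.5 < 4.9.15 (a string compare gets this wrong)."""
    return any(lo <= version < hi for lo, hi in AFFECTED_RANGES)


def assess(banner, is_ad_dc):
    """Classify one host. is_ad_dc is supplied by the caller (assumed input)."""
    version = parse_version(banner)
    if version is None:
        return "unknown"            # unparseable banner: check by hand
    if not in_affected_range(version):
        return "outside-range"
    # The dirsync control lives in the AD DC LDAP server, so only that role
    # exposes the crash; other roles still run a release in the listed range.
    return "exposed" if is_ad_dc else "in-range-not-dc"


# Constructed inventory: (host, version banner, runs as AD DC?)
INVENTORY = [
    ("dc1.example.test", "Version 4.9.5-Debian", True),
    ("dc2.example.test", "Version 4.10.10", True),
    ("files.example.test", "Version 4.10.9", False),
    ("dc3.example.test", "Version 4.11.0", True),
    ("legacy.example.test", "samba (unknown build)", True),
]


def triage(inventory):
    return {host: assess(banner, dc) for host, banner, dc in inventory}


if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host:22} {status}")
```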


CVE Information:



Disclosure Timeline:
Published Date: 11/6/2019