Samba 4.9.x versions before 4.9.18 Use After Free Vulnerability
Samba 4.9 introduced an off-by-default feature to tombstone dynamically created DNS records that had reached their expiry time. This feature is controlled by the smb.conf option:

    dns zone scavenging = yes

There is a use-after-free issue in this code, essentially due to a call to realloc() while other local variables still point at the original buffer. The use is a read, but in quite unlikely conditions (due to NDR validation unpacking the buffer) that read memory might be saved back into the DB.
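
The bug class described above, shown as an added C example beside its hardened form. This is not Samba's code: the struct rec and rec_list types and the append, tombstone_unsafe, tombstone_safe and demo_safe functions are hypothetical, and the sample record is constructed.

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical record types; not Samba's actual structures. */
struct rec { uint32_t timestamp; int tombstoned; };
struct rec_list { struct rec *recs; size_t count; };

/* Append one record, growing the array with realloc(). 0 on success. */
static int append(struct rec_list *l, struct rec r)
{
    struct rec *grown = realloc(l->recs, (l->count + 1) * sizeof(*grown));
    if (grown == NULL) return -1;       /* old buffer is still valid here */
    l->recs = grown;
    l->recs[l->count++] = r;
    return 0;
}

/* VULNERABLE: 'old' is taken before append() calls realloc(). If the buffer
 * moves, the read through 'old' is a use-after-free that lands in live data. */
int tombstone_unsafe(struct rec_list *l, size_t i)
{
    if (i >= l->count) return -1;
    struct rec *old = &l->recs[i];
    struct rec tomb = { 0, 1 };
    if (append(l, tomb) != 0) return -1;
    l->recs[l->count - 1].timestamp = old->timestamp;   /* stale read */
    return 0;
}

/* HARDENED: copy what is needed before the array can move, and address
 * records by index afterwards instead of by a saved pointer. */
int tombstone_safe(struct rec_list *l, size_t i)
{
    if (i >= l->count) return -1;
    struct rec tomb = { l->recs[i].timestamp, 1 };
    return append(l, tomb);
}

/* Constructed demo: one record with timestamp 1234, then tombstone it. */
uint32_t demo_safe(void)
{
    struct rec_list l = { NULL, 0 };
    uint32_t out = 0;
    if (append(&l, (struct rec){ 1234, 0 }) == 0 && tombstone_safe(&l, 0) == 0)
        out = l.recs[l.count - 1].timestamp;
    free(l.recs);
    return out;
}
int main(void) { return demo_safe() == 1234 ? 0 : 1; }
```

Only the hardened path is exercised; building with -fsanitize=address and calling tombstone_unsafe is one way to see the stale read reported when the buffer moves.
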
The information has been provided by Christian Naumer.
The original article can be found at: https://www.samba.org/samba/security/CVE-2019-19344.html
There is a use-after-free issue in all Samba 4.9.x versions before 4.9.18, all Samba 4.10.x versions before 4.10.12 and all Samba 4.11.x versions before 4.11.5, essentially due to a call to realloc() while other local variables still point at the original buffer.
Samba 4.9.x versions before 4.9.18
Samba 4.10.x versions before 4.10.12
Samba 4.11.x versions before 4.11.5