VDB

ALPINE-CVE-2022-32746

ALPINE-CVE-2022-32746 PUBLISHED CVSS 5.400000095367432 MEDIUM

A flaw was found in the Samba AD LDAP server. The AD DC database audit logging module can access LDAP message values freed by a preceding database module, resulting in a use-after-free issue. This issue is only possible when modifying certain privileged attributes, such as userAccountControl.

Risk Scores

CVSS v3.1
5.400000095367432
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Affected Products

VendorProductVersions
Alpine:v3.15samba4.7.2-r0, 4.8.8-r0, 4.8.7-r0
Alpine:v3.18samba3.4.3-r0, 3.4.3-r1, 3.4.4-r0
Alpine:v3.21samba3.3.7-r0, 4.8.8-r0, 4.8.7-r0
Alpine:v3.17samba4.8.8-r0, 3.4.3-r1, 3.4.4-r0
Alpine:v3.16samba4.13.3-r0, 4.13.3-r1, 4.13.3-r2
Alpine:v3.20samba4.5.4-r0, 0, 3.2.10-r0
Alpine:v3.22samba4.1.0-r2, 0, 3.2.11-r0
Alpine:v3.19samba4.2.9-r1, 3.5.4-r1, 3.5.4-r0
Alpine:v3.14samba4.5.4-r0, 3.2.10-r0, 3.2.11-r0
Alpine:v3.23samba3.2.11-r0, 3.2.11-r1, 3.2.8-r0

Timeline

  • Aug 25, 2022 CVE Published
  • Dec 3, 2025 CVE Updated
  • Apr 30, 2026 Distribution Patch

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›