Alex Maccuish

**Name of the Vulnerable Software and Affected Versions** Samba versions 4.3.0 through 4.7.11 Samba versions 4.8.0 through 4.8.6 Samba versions 4.9.0 through 4.9.2 **Description** The issue is related to a denial of service when Samba is configured to accept smart-card authentication. In this scenario, Samba's KDC will call `talloc free()` twice on the same memory if the principal in a validly signed certificate does not match the principal in the AS-REQ. This can only occur after authentication with a trusted certificate. The `talloc` function is robust against further corruption from a double-free with `talloc free()` and directly calls `abort()`, terminating the KDC process. **Recommendations** For Samba versions 4.3.0 through 4.7.11, update to version 4.7.12 or later. For Samba versions 4.8.0 through 4.8.6, update to version 4.8.7 or later. For Samba versions 4.9.0 through 4.9.2, update to version 4.9.3 or later. As a temporary workaround, consider disabling smart-card authentication until a patch is available.