Samba AD users can induce a use-after-free in the server process with an LDAP add or modify request. The AD DC database audit logging module can be made to access LDAP message values that have been freed by a preceding database module, resulting in a use-after- free. This is only possible when modifying certain privileged attributes, such as userAccountControl.