Since Samba 4.0.0 Samba has implemented, in the AD DC, the "dirsync" LDAP control specified in MS-ADTS "3.1.1.3.4.1.3 LDAP_SERVER_DIRSYNC_OID". However, when combined with the ranged results feature specified in MS-ADTS "3.1.1.3.1.3.3 Range Retrieval of Attribute Values" a NULL pointer is can be de-referenced. This is a Denial of Service only, no further escalation of privilege is associated with this issue.
Tag: LDAP
ASA-2019-00364 – Samba: A user with read access to the directory can cause a NULL pointer dereference using the paged search control
A user with read access to the LDAP server can crash the LDAP server process. Depending on the Samba version and the choice of process model, this may crash only the user's own connection.