CVE-2018-16852.html:

====================================================================
== Subject:  NULL pointer de-reference in Samba AD DC DNS servers
==
== CVE ID#:  CVE-2018-16852
==
== Versions: All versions of Samba from 4.9.0 onwards.
==
== Summary:  A user able to create or modify dnsZone objects
==           can crash the Samba AD DC's DNS management RPC server,
==           DNS server or BIND9 when using Samba's DLZ plugin
===================================================================

===========
Description
===========

During the processing of an DNS zone in the DNS management DCE/RPC
server, the internal DNS server or the Samba DLZ plugin for BIND9, 
if the DSPROPERTY_ZONE_MASTER_SERVERS property or
DSPROPERTY_ZONE_SCAVENGING_SERVERS property is set, the server will
follow a NULL pointer and terminate.

There is no further vulnerability associated with this issue, merely a
denial of service.

==================
Patch Availability
==================

Patches addressing both these issues have been posted to:

    http://www.samba.org/samba/security/

Additionally, Samba 4.9.3 has been issued as security releases 
to correct the defect.  Samba administrators are advised to
upgrade to these releases or apply the patch as soon as possible.

==================
CVSSv3 calculation
==================

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H (4.9)

=========================
Workaround and mitigation
=========================

None.  Only users with write access to dnsZone objects can trigger
this issue.

=======
Credits
=======

Originally reported by Fabrizio Faganello.

Patches provided by Gary Lockyer of the Samba Team and Catalyst.

===============================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
===============================================================