A flaw was found in samba versions 4.0.0 through 4.10.0. An attacker can crash AD DC LDAP server via dirsync resulting in denial of service. Privilege escalation is not possible with this issue.
By default, the supported versions of Samba impacted by this issue run using the "standard" process model, which is unaffected. This is controlled by the -M or --model parameter to the samba binary. Unsupported Samba versions before Samba 4.7 use a single process for the LDAP server, and so are impacted. Samba 4.8, 4.9, and 4.10 are impacted if -M prefork or -M single is used. To mitigate this issue, select -M standard (the default).