A use-after-free vulnerability exists in 389 Directory Server's schema reload mechanism. The attr_syntax_swap_ht() function frees all attribute syntax info nodes unconditionally via attr_syntax_free(), bypassing the refcount-based deferred deletion pattern used by attr_syntax_delete_no_lock(). When an administrator triggers a schema reload while concurrent LDAP query traffic is active, query threads that hold asyntaxinfo references after releasing the read lock access freed memory, causing use-after-free or double-free and crashing ns-slapd with SIGSEGV.