MIT Kerberos 5 Integer Underflow Vulnerability in NegoEx Mechanism Allowing Out-of-Bounds Read

An integer underflow vulnerability has been identified in MIT Kerberos 5 versions prior to 1.22.3. This vulnerability occurs when an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered. An unauthenticated remote attacker can exploit this vulnerability, leading to an out-of-bounds read of up to 52 bytes, which may cause the process to terminate.

Impact

Exploitation of this vulnerability causes a read overrun of up to 52 bytes, possibly leading to a process termination.

Remediation

Users can apply the upstream patch available in commit 2e75f0d or update to a version containing the fix.