Apache · Mod Auth Kerb · CVE-2006-5989
**Name of the Vulnerable Software and Affected Versions**
mod auth kerb version 5.0
**Description**
The issue is caused by an off-by-one error in the der get oid function, which allows remote attackers to trigger a heap-based buffer overflow in the component array via a crafted Kerberos message, resulting in a denial of service (crash).
**Recommendations**
For mod auth kerb version 5.0, consider applying a patch or fix that addresses the off-by-one error in the der get oid function to prevent the heap-based buffer overflow. At the moment, there is no information about a newer version that contains a fix for this vulnerability.