MIT · MIT Kerberos 5 · CVE-2014-5355
**Name of the Vulnerable Software and Affected Versions**
MIT Kerberos 5 (aka krb5) versions prior to 1.13.2
**Description**
The affected code assumed that the data field returned by `krb5_read_message` was a NUL-terminated C string, but that field is a length-counted buffer whose contents are supplied by the remote peer. A remote attacker who reaches the version string exchange can therefore cause a denial of service in two ways: sending a zero-byte version string makes the receiving code dereference a NULL data pointer, and sending a version string without its trailing `'\0'` makes the string comparison read past the end of the buffer (out-of-bounds read). Either case crashes the process handling the connection.
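The bug class described above, as an added illustration (not krb5's own code): a length-prefixed message is decoded into a length-counted buffer, and the vulnerable check hands that buffer straight to `strcmp`, while the hardened check validates the length and the terminator first. The `msg_data` struct, the 4-byte big-endian framing and the sample messages are assumptions constructed for the example; the version string `KRB5_SENDAUTH_V1.0` is the one used by the krb5 sendauth/recvauth exchange.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Illustrative stand-in for krb5_data: a length-counted buffer with no
 * guarantee of NUL termination. Not the krb5 definition. */
typedef struct {
    uint32_t length;
    char *data;
} msg_data;

#define SENDAUTH_VERSION "KRB5_SENDAUTH_V1.0"

/* Decode a message framed as a 4-byte big-endian length followed by that
 * many bytes (assumed framing, modelled on the advisory's description of
 * krb5_read_message). A zero length yields data == NULL; a non-zero length
 * yields exactly `length` bytes with no NUL appended. Returns 0 on success,
 * -1 on malformed framing. The caller frees out->data. */
int read_message(const unsigned char *wire, size_t wire_len, msg_data *out)
{
    if (wire_len < 4)
        return -1;
    uint32_t len = ((uint32_t)wire[0] << 24) | ((uint32_t)wire[1] << 16) |
                   ((uint32_t)wire[2] << 8) | (uint32_t)wire[3];
    if (len > wire_len - 4)
        return -1;                 /* declared length exceeds the bytes present */
    out->length = len;
    out->data = NULL;
    if (len != 0) {
        out->data = malloc(len);
        if (out->data == NULL)
            return -1;
        memcpy(out->data, wire + 4, len);
    }
    return 0;
}

/* Vulnerable pattern: treats the field as a C string. With length 0 the
 * data pointer is NULL and strcmp dereferences it; with a field that lacks
 * the trailing '\0', strcmp reads past the end of the buffer. */
int version_ok_vulnerable(const msg_data *m)
{
    return strcmp(m->data, SENDAUTH_VERSION) == 0;
}

/* Hardened pattern: check the length and the terminator before any string
 * routine touches the buffer, so neither malformed message reaches strcmp. */
int version_ok_hardened(const msg_data *m)
{
    if (m->data == NULL || m->length == 0)
        return 0;                  /* empty version field */
    if (m->data[m->length - 1] != '\0')
        return 0;                  /* not NUL-terminated within its length */
    return strcmp(m->data, SENDAUTH_VERSION) == 0;
}

/* Decode a wire message and run a version check on it.
 * Returns 1 (accepted), 0 (rejected) or -1 (malformed framing). */
static int check_with(const unsigned char *wire, size_t wire_len,
                      int (*check)(const msg_data *))
{
    msg_data m;
    if (read_message(wire, wire_len, &m) != 0)
        return -1;
    int ok = check(&m);
    free(m.data);
    return ok;
}

int check_version_hardened(const unsigned char *wire, size_t wire_len)
{
    return check_with(wire, wire_len, version_ok_hardened);
}

int check_version_vulnerable(const unsigned char *wire, size_t wire_len)
{
    return check_with(wire, wire_len, version_ok_vulnerable);
}

/* Constructed sample messages (not captured traffic). */
static const char good_msg[]   = "\x00\x00\x00\x13" SENDAUTH_VERSION; /* 19 bytes incl. '\0' */
static const char empty_msg[]  = "\x00\x00\x00\x00";                   /* zero-length field */
static const char noterm_msg[] = "\x00\x00\x00\x12" SENDAUTH_VERSION; /* 18 bytes, no '\0' */

int main(void)
{
    const unsigned char *good = (const unsigned char *)good_msg;
    const unsigned char *empty = (const unsigned char *)empty_msg;
    const unsigned char *noterm = (const unsigned char *)noterm_msg;

    printf("hardened, well-formed:   %d\n", check_version_hardened(good, sizeof good_msg));
    printf("hardened, zero-length:   %d\n", check_version_hardened(empty, 4));
    printf("hardened, unterminated:  %d\n", check_version_hardened(noterm, sizeof noterm_msg - 1));
    printf("vulnerable, well-formed: %d\n", check_version_vulnerable(good, sizeof good_msg));
    /* check_version_vulnerable(empty, 4) would dereference NULL and crash the process,
     * and on noterm it would read past the 18-byte allocation. */
    return 0;
}
```

The hardened check rejects rather than repairs: a peer that omits the terminator is off-protocol, and padding the buffer yourself would only hide the fact that the sender is malformed or hostile.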
**Recommendations**
Update to krb5 1.13.2 or later, which corrects the handling of the `krb5_read_message` data field. There is no configuration switch for this library code, so until the update is applied, reduce exposure by restricting network access to services that accept Kerberos-authenticated connections through this code path (for example with firewall rules limiting them to trusted hosts); the crash can be triggered during the initial version exchange, before the client has authenticated.