CVE-2017-15088

Name of the Vulnerable Software and Affected Versions MIT Kerberos 5 (aka krb5) versions 1.15.2 and earlier

Description The issue concerns the mishandling of Distinguished Name (DN) fields in untrusted X.509 data, which can lead to the execution of arbitrary code or cause a denial of service due to a buffer overflow and application crash. This is related to the get matching data and X509 NAME oneline ex functions. The security relevance of this issue is primarily outside of the MIT Kerberos distribution, such as in the use of get matching data in KDC certauth plugin code specific to Red Hat.

Recommendations For versions 1.15.2 and earlier, update to a version later than 1.15.2 to resolve the issue.