CVE-2018-5710

Name of the Vulnerable Software and Affected Versions: MIT Kerberos 5 (aka krb5) versions through 1.16

Description: An issue in the Key Distribution Center (KDC) allows remote authenticated users to cause a denial of service via a modified kadmin client. The pre-defined function strlen is getting a NULL string as a parameter value in plugins/kdb/ldap/libkdb ldap/ldap principal2.c, resulting in a NULL pointer dereference.

Recommendations: For versions through 1.16, as a temporary workaround, consider restricting access to the KDC to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.