
Greghudson

#42013 of 53,624
6.5 Total CVSS
Vulnerabilities · 1
PT-2016-5374
6.5
2016-08-01
MIT · MIT Kerberos 5 · CVE-2016-3120

**Name of the Vulnerable Software and Affected Versions**

MIT Kerberos 5 versions prior to 1.13.6
MIT Kerberos 5 versions 1.4.x prior to 1.14.3

**Description**

The issue is related to the `validate_as_request` function in `kdc_util.c` within the Key Distribution Center (KDC) of MIT Kerberos 5. When `restrict_anonymous_to_tgt` is enabled, it incorrectly uses a client data structure. This allows remote authenticated users to cause a denial of service, resulting in a NULL pointer dereference and daemon crash, via an S4U2Self request.

**Recommendations**

For versions prior to 1.13.6, update to version 1.13.6 or later.
For versions 1.4.x prior to 1.14.3, update to version 1.14.3 or later.