Red Hat · Ipa · CVE-2019-14867
**Name of the Vulnerable Software and Affected Versions**
IPA versions 4.6.x before 4.6.7
IPA versions 4.7.x before 4.7.4
IPA versions 4.8.x before 4.8.3
**Description**
A flaw was found in the way the internal function `ber_scanf()` was used in some components of the IPA server, which parsed Kerberos key data. An unauthenticated attacker who could trigger parsing of the krb principal key could cause the IPA server to crash or, in some conditions, execute arbitrary code on the server hosting the IPA server.
**Recommendations**
For IPA versions 4.6.x before 4.6.7, update to version 4.6.7 or later.
For IPA versions 4.7.x before 4.7.4, update to version 4.7.4 or later.
For IPA versions 4.8.x before 4.8.3, update to version 4.8.3 or later.