CVE-2018-5709

Name of the Vulnerable Software and Affected Versions: MIT Kerberos 5 (aka krb5) versions prior to 1.17

Description: An issue was discovered where a variable dbentry->n key data in kadmin/dbutil/dump.c, intended for 16-bit data, was assigned a u4 variable meant for 32-bit data. This could allow an attacker to affect other database artifacts, as a Kerberos database dump file contains trusted data.

Recommendations: For versions prior to 1.17, update to version 1.17 or later to resolve the issue. As a temporary workaround, consider restricting access to the database dump files to minimize the risk of exploitation.