In MIT Kerberos 5 (aka krb5) before 1.22.3, there is an...
Moderate severity
Unreviewed
Published
Apr 28, 2026
to the GitHub Advisory Database
•
Updated Apr 28, 2026
Description
Published by the National Vulnerability Database
Apr 28, 2026
Published to the GitHub Advisory Database
Apr 28, 2026
Last updated
Apr 28, 2026
In MIT Kerberos 5 (aka krb5) before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, possibly causing the process to terminate in parse_message.
References