From advisory:

... An ASN.1 decoder can free an uninitialized pointer when decoding an invalid encoding. This can cause a Kerberos application to crash, or, under theoretically possible but unlikely circumstances, execute arbitrary malicious code. No exploit is known to exist that would cause arbitrary code execution. This is an implementation vulnerability in MIT krb5, and is not a vulnerability in the Kerberos protocol. ...

Reproducible: Always

Steps to Reproduce:
Let's handle this on bug 263398.

*** This bug has been marked as a duplicate of bug 263398 ***