An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is
a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store
16-bit data but unknowingly the developer has assigned a "u4" variable to
it, which is for 32-bit data. An attacker can use this vulnerability to
affect other artifacts of the database as we know that a Kerberos database
dump file contains trusted data.
Upstream has removed all confidential information. Not sure if we have any information from OSS or other channels. Locking the bug until this is further understood and a fix identified.
dbentry->len = u1;
dbentry->n_key_data = u4;
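
The narrowing described in the report, shown beside a range-checked variant. This is an added example, not krb5 source and not code from this bug's participants. The `struct entry` layout, the signedness of the fields, the function names and the sample values are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for the dump loader's entry; only field widths matter.
 * Assumption: len is unsigned 16-bit and n_key_data is signed 16-bit. */
struct entry {
    uint16_t len;
    int16_t n_key_data;
};

/* Pattern from the report: 32-bit parsed values stored without a range check.
 * Out-of-range values are silently narrowed (modulo 2^16 on common compilers). */
static void load_unchecked(struct entry *e, uint32_t u1, uint32_t u4)
{
    e->len = (uint16_t)u1;
    e->n_key_data = (int16_t)u4;
}

/* Checked variant: reject any value the 16-bit fields cannot represent.
 * Returns 0 on success, -1 if the record must be rejected. */
static int load_checked(struct entry *e, uint32_t u1, uint32_t u4)
{
    if (u1 > UINT16_MAX || u4 > INT16_MAX)
        return -1;
    e->len = (uint16_t)u1;
    e->n_key_data = (int16_t)u4;
    return 0;
}

int main(void)
{
    /* Constructed sample values, as if read from a dump record. */
    uint32_t samples[] = { 2, 65537, 98304 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        struct entry a = {0}, b = {0};
        load_unchecked(&a, 38, samples[i]);
        int rc = load_checked(&b, 38, samples[i]);
        printf("parsed=%u unchecked n_key_data=%d checked rc=%d\n",
               (unsigned)samples[i], a.n_key_data, rc);
    }
    return 0;
}
```

With the unchecked store, the value kept in the entry no longer matches the value that was parsed, so any later logic that relies on the parsed count and the stored count agreeing is working from inconsistent data.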