MITKRB5-SA-2003-05: Buffer overrun and underrun in principal name handling

Nalin Dahyabhai nalin at
Thu Mar 20 11:01:48 EST 2003

On Wed, Mar 19, 2003 at 08:04:32PM -0500, Ken Raeburn wrote:
>  * Corruption of malloc pool, probably leading to program crash.

This is CVE CAN-2003-0082.

>  * Reference to data just past the end of an array in the KDC, for
>    comparison against certain fixed data.  May result in crashing the
>    KDC.

This is CVE CAN-2003-0072.



More information about the krbdev mailing list