MITKRB5-SA-2003-05: Buffer overrun and underrun in principal name handling

Nalin Dahyabhai nalin at redhat.com
Thu Mar 20 11:01:48 EST 2003


On Wed, Mar 19, 2003 at 08:04:32PM -0500, Ken Raeburn wrote:
>  * Corruption of malloc pool, probably leading to program crash.

This is CVE CAN-2003-0082.

>  * Reference to data just past the end of an array in the KDC, for
>    comparison against certain fixed data.  May result in crashing the
>    KDC.

This is CVE CAN-2003-0072.

Thanks,

Nalin

