Upstream pull request: https://github.com/krb5/krb5/pull/471
*** Bug 1344031 has been marked as a duplicate of this bug. ***
Should I be worried about this bug becoming a security issue if properly exploited?
(In reply to thibaut.pouzet from comment #11)
> Should I be worried about this bug becoming a security issue if properly
> exploited?
If exploited, it's a network-controlled write past the end of a buffer. This buffer is on the heap, so it's very hard (though not impossible) to actually exploit. That this issue may cause sporadic application failures was deemed a more pressing issue.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.