It was found that in MIT krb5 1.7 and later, an authenticated attacker can cause an assertion failure in krb5kdc by sending an invalid S4U2Self or S4U2Proxy request. Upstream patch: https://github.com/krb5/krb5/pull/678/commits/ffb35baac698
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2018:0666 https://access.redhat.com/errata/RHSA-2018:0666