A buffer overflow vulnerability was found in get_matching_data() function when both the CA cert and the user cert have a long subject affecting krb5 that includes certauth plugin. Attack requires a validated certificate with a long subject and issuer, and a "pkinit_cert_match" string attribute on some principal in the database. A remote code execution exploit might also require that the attacker gets to choose the contents of the issuer in the validated cert. Bug report: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871698
Created krb5 tracking bugs for this issue: Affects: fedora-all [bug 1506622]
Upstream patch: https://github.com/krb5/krb5/commit/fbb687db1088ddd894d975996e5f6a4252b9a2b4
Statement: This issue affects the versions of krb5 as shipped with Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.