A client can crash the KDC in enctype_name() by sending one of the RFC 4556 enctypes, because of reversed strlcpy() arguments at the end of enctype_name().
This issue is caused by backporting commits due to the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=1664157
This flaw was introduced in upstream commit: https://github.com/krb5/krb5/commit/a649279727490687d54becad91fde8cf7429d951 and fixed via https://github.com/krb5/krb5/pull/981/commits/275c9a1aad36a1a7b56042f1a2c21c33e7d16eaf
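The reversed-argument mistake described above, as an added example that is not krb5 code: `demo_strlcpy`, `name_reversed`, `name_fixed` and the sample name are hypothetical stand-ins. The reversed variant takes a writable array so its effect can be observed; when `name` points at a string literal, the same write lands in read-only memory and the process is killed.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in with strlcpy() semantics: (dst, src, dst size), returns strlen(src). */
static size_t demo_strlcpy(char *dst, const char *src, size_t size)
{
    size_t len = strlen(src);
    if (size > 0) {
        size_t n = len < size - 1 ? len : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return len;
}

/* Reversed form: destination and source are swapped, so the copy writes into
 * `name` (a NUL at name[0]) and leaves the caller's buffer empty. */
static int name_reversed(char *name, char *buf, size_t buflen)
{
    if (buflen == 0)
        return EINVAL;
    *buf = '\0';
    if (demo_strlcpy(name, buf, buflen) >= buflen)   /* BUG: dst/src swapped */
        return ENOMEM;
    return 0;
}

/* Corrected form: a const source makes a swapped call a compiler diagnostic. */
static int name_fixed(const char *name, char *buf, size_t buflen)
{
    if (buflen == 0)
        return EINVAL;
    *buf = '\0';
    if (demo_strlcpy(buf, name, buflen) >= buflen)
        return ENOMEM;                               /* name was truncated */
    return 0;
}

int main(void)
{
    char name[] = "example-enctype-name";            /* constructed sample value */
    char out[64];
    int r = name_reversed(name, out, sizeof(out));
    printf("reversed: ret=%d out=\"%s\" name=\"%s\"\n", r, out, name);
    r = name_fixed("example-enctype-name", out, sizeof(out));
    printf("fixed:    ret=%d out=\"%s\"\n", r, out);
    return 0;
}
```

The reversed call returns success while producing no output, so nothing short of the write fault signals the error; building with `-Wall -Werror` and const-qualified sources turns the swap into a build failure.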
This flaw does not affect any MIT krb5 upstream releases. Fedora versions of MIT krb5 are affected and fixed via the following updates:
This flaw affects the krb5 server only; client-side packages are not affected. This flaw does not affect any krb5 packages shipped with Red Hat products.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):