When the KDC receives certain TGS-REQ messages, it may dereference an uninitialized pointer while processing authorization data, causing a crash, or in rare cases, unauthorized information disclosure, ticket modification, or execution of arbitrary code. The crash may be triggered by legitimate requests. Correctly implement the filtering of authorization data items to avoid leaving uninitialized pointers when omitting items. https://github.com/krb5/krb5/commit/26ff86b99636dfd136d93b5cc7e50623be4d70fa Commit By: tlyu Revision: 24429 Changed Files: U trunk/src/kdc/kdc_authdata.c