This vulnerability involves an integer underflow (CWE-191) in MIT Kerberos 5 prior to version 1.22.3. Specifically, when gss_accept_sec_context() is invoked on a system with a NegoEx mechanism registered in /etc/gss/mech, an underflow leads to an out-of-bounds read in the parse_message function. This can be triggered remotely by an unauthenticated attacker, causing the process to terminate, thus impacting service availability. The CVSS 3.1 vector is AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H, reflecting network attack vector, high attack complexity, no privileges or user interaction required, unchanged scope, no confidentiality or integrity impact, and high availability impact.

The vulnerability allows an unauthenticated remote attacker to cause a denial of service by triggering a process termination due to an out-of-bounds read caused by an integer underflow. There is no impact on confidentiality or integrity. The availability of the affected service is compromised, potentially disrupting authentication services relying on MIT Kerberos 5.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official fix or patch link is provided and remediationLevel is null, users should monitor MIT's official channels for updates. Until a patch is available, consider restricting access to systems running vulnerable versions and avoid registering NegoEx mechanisms if possible to reduce exposure.