Versions mentioned in the description apply to the upstream
Remediation section below for
Debian:9 relevant versions.
Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name.
krb5 to version 1.13.2+dfsg-5 or higher.