A heap-based buffer overflow occurs in hashcat's Kerberos hash parser when it processes untrusted delimiter positions without proper bounds checking before copying into a fixed-size buffer. This flaw can allow an attacker with the ability to supply a crafted Kerberos hash file to trigger an out‑of‑bounds write that may cause a denial of service or, in a worst‑case scenario, arbitrary code execution. The vulnerability is confined to the hashcat binary and the Kerberos-related modules it invokes, so it does not directly affect other software components.

The affected product is Hashcat, specifically version 7.1.2. All Kerberos hash parsing modules, including module_hash_decode, are impacted. No other vendors were implicated.

The criticality is underscored by a moderate CVSS score of 7.3 and the potential for denial of service or code execution, but no public exploitation evidence exists and the EPSS score is not available. Since hashcat runs as a user‑space utility, the attacker must be able to supply a malicious hash file on the system, which typically requires local or privileged access. Because the vulnerability is local in nature, the risk is most pronounced for systems running hashcat with elevated privileges or where hash files are obtained from untrusted sources. The lack of a KEV listing means no confirmed exploitation has been reported, but the absence of an EPSS score does not imply low risk.