The vulnerability exists because the process_tgs_req() function improperly processes renewal or validation requests of existing authorization tickets. While processing such requests, the function copies data from a ticket that is being validated or renewed to a new ticket that is being generated for the reply, creating a memory alias for that request. When the function exits, memory is freed twice, possibly resulting in a memory error.
An authenticated, remote attacker could exploit this vulnerability by transmitting spurious ticket renewal requests to the system, causing memory corruption. The attacker could use the memory corruption to execute arbitrary code with the elevated privileges of the vulnerable service. Repeated, unsuccessful attempts at exploiting this vulnerability could lead to a DoS condition.
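The aliasing pattern described above, and one way to remove it, as an added example that is not the affected project's code: every name here is hypothetical, and a static pool stands in for the heap so that a second release is counted rather than actually corrupting allocator state.

```c
#include <stdio.h>

/* Simplified model of the aliasing pattern; NOT the affected project's code.
 * All names are hypothetical. A static pool replaces malloc/free so the
 * second release is observable without undefined behaviour. */
struct authdata { char bytes[16]; int in_use; };
struct ticket   { struct authdata *authdata; };

static struct authdata pool[4];
static int double_releases;

static struct authdata *ad_alloc(const char *s) {
    for (size_t i = 0; i < sizeof pool / sizeof pool[0]; i++) {
        if (!pool[i].in_use) {
            pool[i].in_use = 1;
            snprintf(pool[i].bytes, sizeof pool[i].bytes, "%s", s);
            return &pool[i];
        }
    }
    return NULL;
}

static void ad_release(struct authdata *a) {
    if (a == NULL) return;
    if (!a->in_use) { double_releases++; return; } /* would be a double free */
    a->in_use = 0;
}

static void ticket_cleanup(struct ticket *t) {
    ad_release(t->authdata);
    t->authdata = NULL;
}

/* Returns the number of double releases seen on the common exit path. */
int handle_renewal(int transfer_ownership) {
    struct ticket request = { ad_alloc("constructed") }; /* constructed data */
    struct ticket reply = { NULL };
    double_releases = 0;

    reply.authdata = request.authdata;  /* shallow copy: two owners, one object */
    if (transfer_ownership)
        request.authdata = NULL;        /* hardened: exactly one owner remains */

    ticket_cleanup(&reply);             /* exit path cleans up both tickets */
    ticket_cleanup(&request);
    return double_releases;
}

int main(void) {
    printf("aliased: %d double release(s)\n", handle_renewal(0));
    printf("owned:   %d double release(s)\n", handle_renewal(1));
    return 0;
}
```

With a real allocator, the same defect class can be surfaced in testing by building with AddressSanitizer, which reports the second `free()` of an aliased pointer.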