https://github.com/dun/munge/security/advisories/GHSA-r9cr-jf4v-75gh reports:
MUNGE is an authentication service for creating and
validating user credentials. From 0.5 to 0.5.17, local
attacker can exploit a buffer overflow vulnerability in
munged (the MUNGE authentication daemon) to leak
cryptographic key material from process memory. With the
leaked key material, the attacker could forge arbitrary
MUNGE credentials to impersonate any user (including root)
to services that rely on MUNGE for authentication. The
vulnerability allows a buffer overflow by sending a crafted
message with an oversized address length field, corrupting
munged's internal state and enabling extraction of the MAC
subkey used for credential verification. This vulnerability
is fixed in 0.5.18.