In MIT Kerberos 5 (aka krb5) before 1.22 (with incremental propagation), there is an integer overflow for a large update size to resize() in kdb_log.c. An authenticated attacker can cause an out-of-bounds write and kadmind daemon crash.
1.18.3-6+deb11u61.20.1-2+deb12u31.21.3-5Exploitability
AV:NAC:HPR:LUI:NScope
S:CImpact
C:NI:LA:HCVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:H