In MIT Kerberos 5 (aka krb5) before 1.22 (with incremental propagation), there is an integer overflow for a large update size to resize() in kdb_log.c. An authenticated attacker can cause an out-of-bounds write and kadmind daemon crash.

...

CVE-2025-24528

In MIT Kerberos 5 aka krb5 before 1.22 with incremental propagation, there is an integer overflow for a large update size to resize in kdblog.c. An authenticated attacker can cause an out-of-bounds write and kadmind daemon crash...

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the resize function in kdblog.c when processing a large update size during incremental propagation. An attacker can cause an out-of-bounds write and crash the kadmind daemon by sending specially crafte...

CVE-2025-24528

In MIT Kerberos 5 aka krb5 before 1.22 with incremental propagation, there is an integer overflow for a large update size to resize in kdblog.c. An authenticated attacker can cause an out-of-bounds write and kadmind daemon crash...

CVE-2025-24528

CVE-2025-24528 affects MIT Kerberos 5 (krb5) up to but not including 1.22; the issue is an integer overflow in kdb_log.c during a large update resize, which can cause an out-of-bounds write and crash the kadmind daemon after authentication. Public references consistently describe the vulnerabilit...

CVE-2025-24528

In MIT Kerberos 5 aka krb5 before 1.22 with incremental propagation, there is an integer overflow for a large update size to resize in kdblog.c. An authenticated attacker can cause an out-of-bounds write and kadmind daemon crash...