lib/kadm5/kadm rpc xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because xdr kadm5 principal ent rec does not validate the relationship between n key data and the key data array count.