CVE-2008-0063
HIGH
MIT Kerberos 5 < 1.6.3 - Use of Uninitialized Resource
Title source: ruleDescription
The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values."
References (46)
Scores
CVSS v3
7.5
EPSS
0.0490
EPSS Percentile
89.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Classification
CWE
CWE-908
Status
draft
Affected Products (17)
mit/kerberos_5
< 1.6.3
apple/mac_os_x
< 10.4.11
apple/mac_os_x_server
< 10.4.11
opensuse/opensuse
opensuse/opensuse
suse/linux
suse/linux_enterprise_desktop
suse/linux_enterprise_server
suse/linux_enterprise_software_development_kit
debian/debian_linux
debian/debian_linux
canonical/ubuntu_linux
canonical/ubuntu_linux
canonical/ubuntu_linux
canonical/ubuntu_linux
... and 2 more
Timeline
Published
Mar 19, 2008
Tracked Since
Feb 18, 2026