CVE-2008-0063 — Use of Uninitialized Resource in Kerberos 5
Severity
7.5HIGHNVD
GHSA7.3
EPSS
4.9%
top 10.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMar 19
Latest updateJul 14
Description
The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values."
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6
Affected Packages9 packages
Also affects: Debian Linux 3.1, 4.0, Fedora 7, 8, Ubuntu Linux 6.06, 6.10, 7.04, 7.10
Patches
🔴Vulnerability Details
4GHSA▶
GHSA-67px-r9v8-hcfg: The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, whi↗2022-05-01
CVEList▶
CVE-2008-0063: The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, whi↗2008-03-19
OSV▶
CVE-2008-0063: The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, whi↗2008-03-19
📋Vendor Advisories
4Debian▶
CVE-2008-0063: krb5 - The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clea...↗2008