7.5
CVE-2008-0063
- EPSS 4.75%
- Published 19.03.2008 10:44:00
- Last modified 09.04.2025 00:30:58
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values."
Data is provided by the National Vulnerability Database (NVD)
Mit ≫ Kerberos 5 Version <= 1.6.3
Apple ≫ macOS X Server Version < 10.4.11
Apple ≫ macOS X Server Version >= 10.5.0 < 10.5.2
Suse ≫ Linux Enterprise Desktop Version10 Updatesp1
Suse ≫ Linux Enterprise Server Version10 Updatesp1
Suse ≫ Linux Enterprise Software Development Kit Version10 Updatesp1
Debian ≫ Debian Linux Version3.1
Debian ≫ Debian Linux Version4.0
Canonical ≫ Ubuntu Linux Version6.06
Canonical ≫ Ubuntu Linux Version6.10
Canonical ≫ Ubuntu Linux Version7.04
Canonical ≫ Ubuntu Linux Version7.10
Fedoraproject ≫ Fedora Version7
Fedoraproject ≫ Fedora Version8
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 4.75% | 0.888 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:P/I:N/A:N
|
CWE-908 Use of Uninitialized Resource
The product uses or accesses a resource that has not been initialized.