VYPR
High severity7.5NVD Advisory· Published Mar 19, 2008· Updated Jun 16, 2026

CVE-2008-0063

CVE-2008-0063

Description

The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values."

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

18
  • Mit/Kerberos 52 versions
    cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*range: <=1.6.3
    • (no CPE)
  • cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
    Range: <10.4.11
  • cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*
    Range: <10.4.11
  • cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*
  • Debian/linux2 versions
    cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
    • cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:7:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:fedoraproject:fedora:7:*:*:*:*:*:*:*
    • cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:*
  • OpenSUSE/openSUSE2 versions
    cpe:2.3:o:opensuse:opensuse:10.2:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:opensuse:opensuse:10.2:*:*:*:*:*:*:*
    • cpe:2.3:o:opensuse:opensuse:10.3:*:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux:10.1:*:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_desktop:10:sp1:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:10:sp1:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp1:*:*:*:*:*:*

Patches

Vulnerability mechanics

References

46

News mentions

0

No linked articles in our index yet.