CVE DATABASE / CVE-2008-0062
CVE-2008-0062
CVSS 9.8 · CRITICAL
Summary
KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free.
CVSS 3.1 breakdown
| Base score | 9.8 (CRITICAL) |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Attack vector | NETWORK |
| Attack complexity | LOW |
| Privileges required | NONE |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | HIGH |
| Integrity | HIGH |
| Availability | HIGH |
Weakness type (CWE)
Affected products
Mit kerberos 5Debian debian linuxCanonical ubuntu linuxFedoraproject fedora
Check this CVE live
Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.
References
- http://docs.info.apple.com/article.html?artnum=307562
- http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00006.html
- http://marc.info/?l=bugtraq&m=130497213107107&w=2
- http://secunia.com/advisories/29420
- http://secunia.com/advisories/29423
- http://secunia.com/advisories/29424
- http://secunia.com/advisories/29428
- http://secunia.com/advisories/29435
- http://secunia.com/advisories/29438
- http://secunia.com/advisories/29450
- http://secunia.com/advisories/29451
- http://secunia.com/advisories/29457
- http://secunia.com/advisories/29462
- http://secunia.com/advisories/29464
Data: NIST NVD. NVD last modified 2026-04-23. Always verify against the vendor advisory before acting.