The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka Uninitialized stack values.
The product uses or accesses a resource that has not been initialized.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Kerberos_5 | Mit | * | 1.6.3 (including) |