CVE-2024-5564

2024-05-3119:15:08

Debian Security Bug Tracker

security-tracker.debian.org

vulnerability

libndp

buffer overflow

networkmanager

ipv6

router advertisement

validation

unix

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.8

Confidence

High

EPSS

Percentile

13.8%

JSON

A vulnerability was found in libndp. This flaw allows a local malicious user to cause a buffer overflow in NetworkManager, triggered by sending a malformed IPv6 router advertisement packet. This issue occurred as libndp was not correctly validating the route length information.

OSVersionArchitecturePackageVersionFilename
Debian12alllibndp< 1.8-1+deb12u1libndp_1.8-1+deb12u1_all.deb
Debian11alllibndp< 1.6-1+deb11u1libndp_1.6-1+deb11u1_all.deb
Debian999alllibndp< 1.8-2libndp_1.8-2_all.deb
Debian13alllibndp< 1.8-2libndp_1.8-2_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	libndp	< 1.8-1+deb12u1	libndp_1.8-1+deb12u1_all.deb
Debian	11	all	libndp	< 1.6-1+deb11u1	libndp_1.6-1+deb11u1_all.deb
Debian	999	all	libndp	< 1.8-2	libndp_1.8-2_all.deb
Debian	13	all	libndp	< 1.8-2	libndp_1.8-2_all.deb