Lucene search

Gentoo FoundationMGASA-2024-0225

HistoryJun 17, 2024 - 8:44 p.m.

Updated libndp packages fix security vulnerabilities

2024-06-1720:44:07

Gentoo Foundation

advisories.mageia.org

libndp

buffer overflow

networkmanager

security

vulnerability

ipv6

router advertisement

package update

route length

validation

unix

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

Low

EPSS

Percentile

13.8%

JSON

A vulnerability was found in libndp. This flaw allows a local malicious user to cause a buffer overflow in NetworkManager, triggered by sending a malformed IPv6 router advertisement packet. This issue occurred as libndp was not correctly validating the route length information.

OSVersionArchitecturePackageVersionFilename
Mageia9noarchlibndp< 1.8-2.1libndp-1.8-2.1.mga9

OS	Version	Architecture	Package	Version	Filename
Mageia	9	noarch	libndp	< 1.8-2.1	libndp-1.8-2.1.mga9

References

bugs.mageia.org/show_bug.cgi?id=33304

ubuntu.com/security/notices/USN-6830-1

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

Low

EPSS

Percentile

13.8%

JSON

Related for MGASA-2024-0225