Lucene search

K
rosalinuxROSA LABROSA-SA-2024-2502
HistoryOct 03, 2024 - 10:26 p.m.

Advisory ROSA-SA-2024-2502

2024-10-0322:26:49
ROSA LAB
abf.rosalinux.ru
3
libndp 1.7
rosa virtualization 2.1
vulnerability
attacker impact
ipv6 packets
information security
buffer boundaries
yum update

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.2

Confidence

High

Software: libndp 1.7
OS: ROSA Virtualization 2.1

package_evr_string: libndp-1.7-7.rv3

CVE-ID: CVE-2024-5564
BDU-ID: 2024-04337
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the libndp library is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker to impact the confidentiality, integrity, and availability of protected information by sending specially crafted IPv6 packets
CVE-STATUS: Resolved
CVE-REV: To close, run the yum update libndp command

OSVersionArchitecturePackageVersionFilename
ROSAanynoarchlibndp< 1.7UNKNOWN

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.2

Confidence

High