CVE-2024-5564

EUVD-2024-47152
A vulnerability was found in libndp. This flaw allows a local malicious user to cause a buffer overflow in NetworkManager, triggered by sending a malformed IPv6 router advertisement packet. This issue occurred as libndp was not correctly validating the route length information.
Classic Buffer Overflow
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.1 HIGH
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
redhatCNA
8.1 HIGH
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 77%
Debian logo
Debian Releases
Debian Product
Codename
libndp
bookworm
1.8-1+deb12u1
fixed
bookworm (security)
1.8-1+deb12u1
fixed
bullseye
1.6-1+deb11u1
fixed
bullseye (security)
1.6-1+deb11u1
fixed
forky
1.9-1
fixed
sid
1.9-1
fixed
trixie
1.9-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libndp
bionic
Fixed 1.6-1ubuntu0.1~esm1
released
focal
Fixed 1.7-0ubuntu1.1
released
jammy
Fixed 1.8-0ubuntu3.1
released
mantic
Fixed 1.8-1fakesync1ubuntu0.23.10.1
released
noble
Fixed 1.8-1fakesync1ubuntu0.24.04.1
released
oracular
not-affected
xenial
Fixed 1.4-2ubuntu0.16.04.1+esm1
released
Common Weakness Enumeration
References
https://access.redhat.com/errata/RHBA-2025:6631
https://access.redhat.com/errata/RHSA-2024:4618
https://access.redhat.com/errata/RHSA-2024:4619
https://access.redhat.com/errata/RHSA-2024:4620
https://access.redhat.com/errata/RHSA-2024:4622
https://access.redhat.com/errata/RHSA-2024:4636
https://access.redhat.com/errata/RHSA-2024:4640
https://access.redhat.com/errata/RHSA-2024:4641
https://access.redhat.com/errata/RHSA-2024:4642
https://access.redhat.com/errata/RHSA-2024:4643
https://access.redhat.com/security/cve/CVE-2024-5564
https://bugzilla.redhat.com/show_bug.cgi?id=2284122
https://access.redhat.com/errata/RHSA-2024:4618
https://access.redhat.com/errata/RHSA-2024:4619
https://access.redhat.com/errata/RHSA-2024:4620
https://access.redhat.com/errata/RHSA-2024:4622
https://access.redhat.com/errata/RHSA-2024:4636
https://access.redhat.com/errata/RHSA-2024:4640
https://access.redhat.com/errata/RHSA-2024:4641
https://access.redhat.com/errata/RHSA-2024:4642
https://access.redhat.com/errata/RHSA-2024:4643
https://access.redhat.com/security/cve/CVE-2024-5564
https://bugzilla.redhat.com/show_bug.cgi?id=2284122
https://lists.debian.org/debian-lts-announce/2024/06/msg00011.html