INFSA-2024:4620: Libndp security update
Information about definition
Identificator: INFSA-2024:4620
Type: security
Release date: 2024-08-23 19:11:29 UTC
Information about package
Libndp is a library (used by NetworkManager) that provides a wrapper for the IPv6 Neighbor Discovery Protocol. It also provides a tool named ndptool for sending and receiving NDP messages.
Vulnerabilities description
- CVE-2024-5564
A vulnerability was found in libndp. This flaw allows a local malicious user to cause a buffer overflow in NetworkManager, triggered by sending a malformed IPv6 router advertisement packet. This issue occurred as libndp was not correctly validating the route length information.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2024-5564
|
no information | 8.1 | no information |
Updated packages