Buffer Overflow Vulnerability in libndp's NetworkManager

CVE-2024-5564
8.1 HIGH

Key Information

Vendor: Red Hat
Status:
  • Red Hat Enterprise Linux 7 Extended Lifecycle Support
  • Red Hat Enterprise Linux 8
  • Red Hat Enterprise Linux 8.2 Advanced Update Support
  • Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
CVE Published: 31 May 2024

Summary

A vulnerability was found in libndp. This flaw allows a local malicious user to cause a buffer overflow in NetworkManager, triggered by sending a malformed IPv6 router advertisement packet. This issue occurred as libndp was not correctly validating the route length information.

Affected Version(s)

Red Hat Enterprise Linux 7 Extended Lifecycle Support <= 0:1.2-10.el7_9

Red Hat Enterprise Linux 8 <= 0:1.7-7.el8_10

Red Hat Enterprise Linux 8.2 Advanced Update Support <= 0:1.7-4.el8_2

CVSS V3.1

Score: 8.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Risk change from: 7.4 to: 8.1 - (HIGH)

  • Risk change from: null to: 7.4 - (HIGH)

  • Vulnerability Reserved.

  • Reported to Red Hat.

  • Vulnerability published.

Collectors

NVD Database, Mitre Database

Credit

Upstream acknowledges Evgeny Vereshchagin as the original reporter.