Buffer Overflow Vulnerability in libndp Affecting NetworkManager
CVE-2024-5564
8.1 HIGH
Key Information
- Vendor: Red Hat
- Status:
  - Red Hat Enterprise Linux 7 Extended Lifecycle Support
  - Red Hat Enterprise Linux 8
  - Red Hat Enterprise Linux 8.2 Advanced Update Support
  - Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
- CVE Published: 31 May 2024
Summary
A vulnerability was found in libndp. This flaw allows a local malicious user to cause a buffer overflow in NetworkManager, triggered by sending a malformed IPv6 router advertisement packet. This issue occurred as libndp was not correctly validating the route length information.
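An added example, not code from libndp or from this advisory: a bounds check for the Route Information option of a router advertisement, assuming the "route length information" in the summary refers to the length fields of that option as laid out in RFC 4191. The function names, status codes and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ND_OPT_ROUTE_INFO 24 /* option type from RFC 4191 */

/* Status names are hypothetical, chosen for this example. */
enum ri_status { RI_OK, RI_TRUNCATED, RI_BAD_TYPE, RI_BAD_LENGTH, RI_PREFIX_OVERRUN };

/* Constructed samples: type, length (8-octet units), prefix bits, flags,
 * 4-byte lifetime, then the prefix bytes that are actually present. */
static const uint8_t ri_valid[16] = { 24, 2, 64, 0, 0, 0, 0x0e, 0x10,
                                      0x20, 0x01, 0x0d, 0xb8, 0, 0, 0, 1 };
static const uint8_t ri_short[8]  = { 24, 1, 64, 0, 0, 0, 0x0e, 0x10 };

/* Check one Route Information option held in opt[0..avail). */
enum ri_status check_route_info_opt(const uint8_t *opt, size_t avail)
{
    if (avail < 8)
        return RI_TRUNCATED;          /* fixed header does not fit */
    if (opt[0] != ND_OPT_ROUTE_INFO)
        return RI_BAD_TYPE;
    if (opt[1] < 1 || opt[1] > 3)
        return RI_BAD_LENGTH;         /* RFC 4191 allows 1, 2 or 3 only */
    size_t opt_len = (size_t)opt[1] * 8;
    if (opt_len > avail)
        return RI_TRUNCATED;          /* option runs past the packet */
    size_t prefix_bytes = (opt[2] + 7u) / 8u;
    if (opt[2] > 128 || prefix_bytes > opt_len - 8)
        return RI_PREFIX_OVERRUN;     /* prefix bits exceed option body */
    return RI_OK;
}

/* Copy the prefix, zero-padded, into out[16]; returns prefix bits or -1. */
int route_info_prefix(const uint8_t *opt, size_t avail, uint8_t out[16])
{
    if (check_route_info_opt(opt, avail) != RI_OK)
        return -1;
    memset(out, 0, 16);
    memcpy(out, opt + 8, (opt[2] + 7u) / 8u);
    return opt[2];
}

int main(void)
{
    uint8_t prefix[16];
    printf("valid: %d bits\n", route_info_prefix(ri_valid, sizeof ri_valid, prefix));
    printf("short: %d\n", route_info_prefix(ri_short, sizeof ri_short, prefix));
    return 0;
}
```

The second sample declares a 64-bit prefix inside an option whose length field leaves no room for prefix bytes, so the copy is refused instead of reading past the option.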
Affected Version(s)
Red Hat Enterprise Linux 7 Extended Lifecycle Support <= 0:1.2-10.el7_9
Red Hat Enterprise Linux 8 <= 0:1.7-7.el8_10
Red Hat Enterprise Linux 8.2 Advanced Update Support <= 0:1.7-4.el8_2
CVSS V3.1
Score: 8.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Risk change from: 7.4 to: 8.1 - (HIGH)
Risk change from: null to: 7.4 - (HIGH)
Vulnerability Reserved.
Reported to Red Hat.
Vulnerability published.
Collectors
NVD Database, MITRE Database
Credit
Upstream acknowledges Evgeny Vereshchagin as the original reporter.