CVE-2024-5564 - Vulnerability Details

A vulnerability was found in libndp. This flaw allows a local malicious user to cause a buffer overflow in NetworkManager, triggered by sending a malformed IPv6 router advertisement packet. This issue occurred as libndp was not correctly validating the route length information.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.0078.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Redhat	Enterprise Linux Rhel Aus Rhel E4s Rhel Els Rhel Eus Rhel Tus

No data.

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 7 Extended Lifecycle Support
libndp-0:1.2-10.el7_9	cpe:/o:redhat:rhel_els:7	RHSA-2024:4622	2024-07-18T00:00:00Z
Red Hat Enterprise Linux 8
libndp-0:1.7-7.el8_10	cpe:/o:redhat:enterprise_linux:8	RHSA-2024:4620	2024-07-18T00:00:00Z
Red Hat Enterprise Linux 8.2 Advanced Update Support
libndp-0:1.7-4.el8_2	cpe:/o:redhat:rhel_aus:8.2	RHSA-2024:4640	2024-07-18T00:00:00Z
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
libndp-0:1.7-6.el8_4	cpe:/o:redhat:rhel_aus:8.4	RHSA-2024:4618	2024-07-18T00:00:00Z
Red Hat Enterprise Linux 8.4 Telecommunications Update Service
libndp-0:1.7-6.el8_4	cpe:/o:redhat:rhel_tus:8.4	RHSA-2024:4618	2024-07-18T00:00:00Z
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
libndp-0:1.7-6.el8_4	cpe:/o:redhat:rhel_e4s:8.4	RHSA-2024:4618	2024-07-18T00:00:00Z
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
libndp-0:1.7-7.el8_6	cpe:/o:redhat:rhel_aus:8.6	RHSA-2024:4643	2024-07-18T00:00:00Z
Red Hat Enterprise Linux 8.6 Telecommunications Update Service
libndp-0:1.7-7.el8_6	cpe:/o:redhat:rhel_tus:8.6	RHSA-2024:4643	2024-07-18T00:00:00Z
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
libndp-0:1.7-7.el8_6	cpe:/o:redhat:rhel_e4s:8.6	RHSA-2024:4643	2024-07-18T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support
libndp-0:1.7-7.el8_8	cpe:/o:redhat:rhel_eus:8.8	RHSA-2024:4641	2024-07-18T00:00:00Z
Red Hat Enterprise Linux 9
libndp-0:1.8-6.el9_4	cpe:/o:redhat:enterprise_linux:9	RHSA-2024:4636	2024-07-18T00:00:00Z
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
libndp-0:1.8-5.el9_0	cpe:/o:redhat:rhel_e4s:9.0	RHSA-2024:4619	2024-07-18T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support
libndp-0:1.8-5.el9_2	cpe:/o:redhat:rhel_eus:9.2	RHSA-2024:4642	2024-07-19T00:00:00Z

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

Currently there is no mitigation available for this vulnerability. Please make sure to update as the fixes become available.

References

Link	Providers
https://access.redhat.com/errata/RHBA-2025:6631
https://access.redhat.com/errata/RHSA-2024:4618
https://access.redhat.com/errata/RHSA-2024:4619
https://access.redhat.com/errata/RHSA-2024:4620
https://access.redhat.com/errata/RHSA-2024:4622
https://access.redhat.com/errata/RHSA-2024:4636
https://access.redhat.com/errata/RHSA-2024:4640
https://access.redhat.com/errata/RHSA-2024:4641
https://access.redhat.com/errata/RHSA-2024:4642
https://access.redhat.com/errata/RHSA-2024:4643
https://access.redhat.com/security/cve/CVE-2024-5564
https://bugzilla.redhat.com/show_bug.cgi?id=2284122
https://lists.debian.org/debian-lts-announce/2024/06/msg00011.html
https://nvd.nist.gov/vuln/detail/CVE-2024-5564
https://www.cve.org/CVERecord?id=CVE-2024-5564

History

Tue, 15 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00827}`	epss `{'score': 0.00795}`

Mon, 14 Jul 2025 13:30:00 +0000

Type	Values Removed	Values Added
CPEs	~~cpe:/o:redhat:enterprise_linux:10~~	cpe:/o:redhat:enterprise_linux:10.0
References		https://access.redhat.com/errata/RHBA-2025:6631

Wed, 28 May 2025 23:30:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/o:redhat:enterprise_linux:10

Sun, 24 Nov 2024 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2024-05-31T18:31:47.333Z

Updated: 2025-08-27T13:10:55.069Z

Reserved: 2024-05-31T13:34:41.061Z

Link: CVE-2024-5564

Vulnrichment

Updated: 2024-08-01T21:18:06.467Z

NVD

Status : Awaiting Analysis

Published: 2024-05-31T19:15:08.883

Modified: 2025-07-14T14:15:25.303

Link: CVE-2024-5564

Redhat

Severity : Important

Publid Date: 2024-05-31T00:00:00Z

Links: CVE-2024-5564 - Bugzilla

OpenCVE Enrichment

No data.

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object