A vulnerability was found in libndp. This flaw allows a local malicious user to cause a buffer overflow in NetworkManager, triggered by sending a malformed IPv6 router advertisement packet. This issue occurred as libndp was not correctly validating the route length information.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Redhat
  • Enterprise Linux
  • Rhel Aus
  • Rhel E4s
  • Rhel Els
  • Rhel Eus
  • Rhel Tus

No data.

Package CPE Advisory Released Date
Red Hat Enterprise Linux 7 Extended Lifecycle Support
libndp-0:1.2-10.el7_9 cpe:/o:redhat:rhel_els:7 RHSA-2024:4622 2024-07-18T00:00:00Z
Red Hat Enterprise Linux 8
libndp-0:1.7-7.el8_10 cpe:/o:redhat:enterprise_linux:8 RHSA-2024:4620 2024-07-18T00:00:00Z
Red Hat Enterprise Linux 8.2 Advanced Update Support
libndp-0:1.7-4.el8_2 cpe:/o:redhat:rhel_aus:8.2 RHSA-2024:4640 2024-07-18T00:00:00Z
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
libndp-0:1.7-6.el8_4 cpe:/o:redhat:rhel_aus:8.4 RHSA-2024:4618 2024-07-18T00:00:00Z
Red Hat Enterprise Linux 8.4 Telecommunications Update Service
libndp-0:1.7-6.el8_4 cpe:/o:redhat:rhel_tus:8.4 RHSA-2024:4618 2024-07-18T00:00:00Z
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
libndp-0:1.7-6.el8_4 cpe:/o:redhat:rhel_e4s:8.4 RHSA-2024:4618 2024-07-18T00:00:00Z
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
libndp-0:1.7-7.el8_6 cpe:/o:redhat:rhel_aus:8.6 RHSA-2024:4643 2024-07-18T00:00:00Z
Red Hat Enterprise Linux 8.6 Telecommunications Update Service
libndp-0:1.7-7.el8_6 cpe:/o:redhat:rhel_tus:8.6 RHSA-2024:4643 2024-07-18T00:00:00Z
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
libndp-0:1.7-7.el8_6 cpe:/o:redhat:rhel_e4s:8.6 RHSA-2024:4643 2024-07-18T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support
libndp-0:1.7-7.el8_8 cpe:/o:redhat:rhel_eus:8.8 RHSA-2024:4641 2024-07-18T00:00:00Z
Red Hat Enterprise Linux 9
libndp-0:1.8-6.el9_4 cpe:/o:redhat:enterprise_linux:9 RHSA-2024:4636 2024-07-18T00:00:00Z
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
libndp-0:1.8-5.el9_0 cpe:/o:redhat:rhel_e4s:9.0 RHSA-2024:4619 2024-07-18T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support
libndp-0:1.8-5.el9_2 cpe:/o:redhat:rhel_eus:9.2 RHSA-2024:4642 2024-07-19T00:00:00Z
References
Link Providers
https://access.redhat.com/errata/RHSA-2024:4618 cve-icon cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:4619 cve-icon cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:4620 cve-icon cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:4622 cve-icon cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:4636 cve-icon cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:4640 cve-icon cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:4641 cve-icon cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:4642 cve-icon cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:4643 cve-icon cve-icon cve-icon
https://access.redhat.com/security/cve/CVE-2024-5564 cve-icon cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2284122 cve-icon cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2024/06/msg00011.html cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-5564 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-5564 cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2024-05-31T18:31:47.333Z

Updated: 2024-09-16T20:34:19.595Z

Reserved: 2024-05-31T13:34:41.061Z

Link: CVE-2024-5564

cve-icon Vulnrichment

Updated: 2024-08-01T21:18:06.467Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-05-31T19:15:08.883

Modified: 2024-11-21T09:47:56.340

Link: CVE-2024-5564

cve-icon Redhat

Severity : Important

Publid Date: 2024-05-31T00:00:00Z

Links: CVE-2024-5564 - Bugzilla