A vulnerability was found in libndp. This flaw allows a local malicious user to cause a buffer overflow in NetworkManager, triggered by sending a malformed IPv6 router advertisement packet. This issue occurred as libndp was not correctly validating the route length information.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.01085.

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

Vendors Products
Redhat
  • Enterprise Linux
  • Rhel Aus
  • Rhel E4s
  • Rhel Els
  • Rhel Eus
  • Rhel Tus

No data.

Package CPE Advisory Released Date
Red Hat Enterprise Linux 7 Extended Lifecycle Support
libndp-0:1.2-10.el7_9 cpe:/o:redhat:rhel_els:7 RHSA-2024:4622 2024-07-18T00:00:00Z
Red Hat Enterprise Linux 8
libndp-0:1.7-7.el8_10 cpe:/o:redhat:enterprise_linux:8 RHSA-2024:4620 2024-07-18T00:00:00Z
Red Hat Enterprise Linux 8.2 Advanced Update Support
libndp-0:1.7-4.el8_2 cpe:/o:redhat:rhel_aus:8.2 RHSA-2024:4640 2024-07-18T00:00:00Z
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
libndp-0:1.7-6.el8_4 cpe:/o:redhat:rhel_aus:8.4 RHSA-2024:4618 2024-07-18T00:00:00Z
Red Hat Enterprise Linux 8.4 Telecommunications Update Service
libndp-0:1.7-6.el8_4 cpe:/o:redhat:rhel_tus:8.4 RHSA-2024:4618 2024-07-18T00:00:00Z
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
libndp-0:1.7-6.el8_4 cpe:/o:redhat:rhel_e4s:8.4 RHSA-2024:4618 2024-07-18T00:00:00Z
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
libndp-0:1.7-7.el8_6 cpe:/o:redhat:rhel_aus:8.6 RHSA-2024:4643 2024-07-18T00:00:00Z
Red Hat Enterprise Linux 8.6 Telecommunications Update Service
libndp-0:1.7-7.el8_6 cpe:/o:redhat:rhel_tus:8.6 RHSA-2024:4643 2024-07-18T00:00:00Z
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
libndp-0:1.7-7.el8_6 cpe:/o:redhat:rhel_e4s:8.6 RHSA-2024:4643 2024-07-18T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support
libndp-0:1.7-7.el8_8 cpe:/o:redhat:rhel_eus:8.8 RHSA-2024:4641 2024-07-18T00:00:00Z
Red Hat Enterprise Linux 9
libndp-0:1.8-6.el9_4 cpe:/o:redhat:enterprise_linux:9 RHSA-2024:4636 2024-07-18T00:00:00Z
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
libndp-0:1.8-5.el9_0 cpe:/o:redhat:rhel_e4s:9.0 RHSA-2024:4619 2024-07-18T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support
libndp-0:1.8-5.el9_2 cpe:/o:redhat:rhel_eus:9.2 RHSA-2024:4642 2024-07-19T00:00:00Z

No data.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-3837-1 libndp security update
Debian DSA Debian DSA DSA-5713-1 libndp security update
EUVD EUVD EUVD-2024-47152 A vulnerability was found in libndp. This flaw allows a local malicious user to cause a buffer overflow in NetworkManager, triggered by sending a malformed IPv6 router advertisement packet. This issue occurred as libndp was not correctly validating the route length information.
Ubuntu USN Ubuntu USN USN-6830-1 libndp vulnerability
Ubuntu USN Ubuntu USN USN-7248-1 libndp vulnerability
Fixes

Solution

No solution given by the vendor.

Workaround

Currently there is no mitigation available for this vulnerability. Please make sure to update as the fixes become available.

References
Link Providers
https://access.redhat.com/errata/RHBA-2025:6631 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:4618 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:4619 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:4620 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:4622 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:4636 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:4640 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:4641 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:4642 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:4643 cve-icon cve-icon
https://access.redhat.com/security/cve/CVE-2024-5564 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2284122 cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2024/06/msg00011.html cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-5564 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-5564 cve-icon
History

Tue, 15 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00827}

 epss

{'score': 0.00795}

Mon, 14 Jul 2025 13:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:10 cpe:/o:redhat:enterprise_linux:10.0
References

Wed, 28 May 2025 23:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:10

Sun, 24 Nov 2024 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2025-10-01T08:50:32.462Z

Reserved: 2024-05-31T13:34:41.061Z

Link: CVE-2024-5564

cve-icon Vulnrichment

Updated: 2024-08-01T21:18:06.467Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-05-31T19:15:08.883

Modified: 2025-07-14T14:15:25.303

Link: CVE-2024-5564

cve-icon Redhat

Severity : Important

Publid Date: 2024-05-31T00:00:00Z

Links: CVE-2024-5564 - Bugzilla

cve-icon OpenCVE Enrichment

No data.