8.1
CVE-2024-5564
- EPSS 1.06%
- Veröffentlicht 31.05.2024 19:15:08
- Zuletzt bearbeitet 15.04.2026 00:35:42
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Libndp: buffer overflow in route information length field
A vulnerability was found in libndp. This flaw allows a local malicious user to cause a buffer overflow in NetworkManager, triggered by sending a malformed IPv6 router advertisement packet. This issue occurred as libndp was not correctly validating the route length information.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
Collection URLhttps://github.com/jpirko/libndp
≫
Paket
libndp
Default Statusunaffected
Version
1.0
Version <
1.7-7
Status
affected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 10
Default Statusaffected
Version
0:1.9-2.el10
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 7 Extended Lifecycle Support
Default Statusaffected
Version
0:1.2-10.el7_9
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 8
Default Statusaffected
Version
0:1.7-7.el8_10
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 8.2 Advanced Update Support
Default Statusaffected
Version
0:1.7-4.el8_2
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
Default Statusaffected
Version
0:1.7-6.el8_4
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 8.4 Telecommunications Update Service
Default Statusaffected
Version
0:1.7-6.el8_4
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
Default Statusaffected
Version
0:1.7-6.el8_4
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
Default Statusaffected
Version
0:1.7-7.el8_6
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 8.6 Telecommunications Update Service
Default Statusaffected
Version
0:1.7-7.el8_6
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
Default Statusaffected
Version
0:1.7-7.el8_6
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 8.8 Extended Update Support
Default Statusaffected
Version
0:1.7-7.el8_8
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 9
Default Statusaffected
Version
0:1.8-6.el9_4
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
Default Statusaffected
Version
0:1.8-5.el9_0
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 9.2 Extended Update Support
Default Statusaffected
Version
0:1.8-5.el9_2
Version <
*
Status
unaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.06% | 0.769 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| secalert@redhat.com | 8.1 | 2.2 | 5.9 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.