8.1

CVE-2024-5564

A vulnerability was found in libndp. This flaw allows a local malicious user to cause a buffer overflow in NetworkManager, triggered by sending a malformed IPv6 router advertisement packet. This issue occurred as libndp was not correctly validating the route length information.

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
Collection URLhttps://github.com/jpirko/libndp
Paket libndp
Default Statusunaffected
Version < 1.7-7
Version 1.0
Status affected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 10
Default Statusaffected
Version < *
Version 0:1.9-2.el10
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 7 Extended Lifecycle Support
Default Statusaffected
Version < *
Version 0:1.2-10.el7_9
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8
Default Statusaffected
Version < *
Version 0:1.7-7.el8_10
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.2 Advanced Update Support
Default Statusaffected
Version < *
Version 0:1.7-4.el8_2
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
Default Statusaffected
Version < *
Version 0:1.7-6.el8_4
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.4 Telecommunications Update Service
Default Statusaffected
Version < *
Version 0:1.7-6.el8_4
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
Default Statusaffected
Version < *
Version 0:1.7-6.el8_4
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
Default Statusaffected
Version < *
Version 0:1.7-7.el8_6
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.6 Telecommunications Update Service
Default Statusaffected
Version < *
Version 0:1.7-7.el8_6
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
Default Statusaffected
Version < *
Version 0:1.7-7.el8_6
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.8 Extended Update Support
Default Statusaffected
Version < *
Version 0:1.7-7.el8_8
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 9
Default Statusaffected
Version < *
Version 0:1.8-6.el9_4
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
Default Statusaffected
Version < *
Version 0:1.8-5.el9_0
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 9.2 Extended Update Support
Default Statusaffected
Version < *
Version 0:1.8-5.el9_2
Status unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.78% 0.727
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
secalert@redhat.com 8.1 2.2 5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.