CVE-2024-5564

Published: 31 May 2024

A vulnerability was found in libndp. This flaw allows a local malicious user to cause a buffer overflow in NetworkManager, triggered by sending a malformed IPv6 router advertisement packet. This issue occurred as libndp was not correctly validating the route length information.

Priority

Status

Package	Release	Status
libndp Launchpad, Ubuntu, Debian	bionic	Needs triage
	focal	Released (1.7-0ubuntu1.1)
	jammy	Released (1.8-0ubuntu3.1)
	mantic	Released (1.8-1fakesync1ubuntu0.23.10.1)
	noble	Released (1.8-1fakesync1ubuntu0.24.04.1)
	upstream	Needs triage
	xenial	Needs triage
	Patches: upstream: https://github.com/jpirko/libndp/commit/05e4ba7b0d126eea4c04387dcf40596059ee24af

References

https://www.cve.org/CVERecord?id=CVE-2024-5564
https://access.redhat.com/security/cve/CVE-2024-5564
https://lists.fedorahosted.org/archives/list/libndp@lists.fedorahosted.org/thread/ADDK2HO5LWNWPO43P4LA3IPUN3GW65PP/
https://ubuntu.com/security/notices/USN-6830-1
NVD
Launchpad
Debian

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072366
https://bugzilla.redhat.com/show_bug.cgi?id=2284122
https://github.com/jpirko/libndp/issues/26

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›