CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
CVE-2024-5564: Libndp: buffer overflow in route information length field
Description
A vulnerability was found in libndp. This flaw allows a local malicious user to cause a buffer overflow in NetworkManager, triggered by sending a malformed IPv6 router advertisement packet. This issue occurred as libndp was not correctly validating the route length information.
Classification
CVE ID: CVE-2024-5564
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.04% (probability of being exploited)
EPSS Percentile: 15.26% (scored less or equal to compared to others)
EPSS Date: 2025-02-04 (when was this score calculated)
References
https://access.redhat.com/errata/RHSA-2024:4618https://access.redhat.com/errata/RHSA-2024:4619
https://access.redhat.com/errata/RHSA-2024:4620
https://access.redhat.com/errata/RHSA-2024:4622
https://access.redhat.com/errata/RHSA-2024:4636
https://access.redhat.com/errata/RHSA-2024:4640
https://access.redhat.com/errata/RHSA-2024:4641
https://access.redhat.com/errata/RHSA-2024:4642
https://access.redhat.com/errata/RHSA-2024:4643
https://access.redhat.com/security/cve/CVE-2024-5564
https://bugzilla.redhat.com/show_bug.cgi?id=2284122