CVE-2024-5564
Severity CVSS v4.0: Pending analysis
Type: CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Publication date: 31/05/2024
Last modified: 14/07/2025
Description
A vulnerability was found in libndp. This flaw allows a local malicious user to cause a buffer overflow in NetworkManager, triggered by sending a malformed IPv6 router advertisement packet. The issue occurred because libndp did not correctly validate the route length information.
Impact
Base Score 3.x: 8.10
Severity 3.x: HIGH
References to Advisories, Solutions, and Tools
- https://access.redhat.com/errata/RHBA-2025:6631
- https://access.redhat.com/errata/RHSA-2024:4618
- https://access.redhat.com/errata/RHSA-2024:4619
- https://access.redhat.com/errata/RHSA-2024:4620
- https://access.redhat.com/errata/RHSA-2024:4622
- https://access.redhat.com/errata/RHSA-2024:4636
- https://access.redhat.com/errata/RHSA-2024:4640
- https://access.redhat.com/errata/RHSA-2024:4641
- https://access.redhat.com/errata/RHSA-2024:4642
- https://access.redhat.com/errata/RHSA-2024:4643
- https://access.redhat.com/security/cve/CVE-2024-5564
- https://bugzilla.redhat.com/show_bug.cgi?id=2284122
- https://lists.debian.org/debian-lts-announce/2024/06/msg00011.html



