CVE-2024-5564

Published: May 31, 2024

Modified: Nov 20, 2025

PUBLISHED

CVSS v3.1

8.1

HIGH

Description

A vulnerability was found in libndp. This flaw allows a local malicious user to cause a buffer overflow in NetworkManager, triggered by sending a malformed IPv6 router advertisement packet. This issue occurred as libndp was not correctly validating the route length information.

Vendor	Product	Versions
Unknown	libndp	affected `1.0 - < 1.7-7`
Red Hat	Red Hat Enterprise Linux 10	unaffected `0:1.9-2.el10 - < *`
Red Hat	Red Hat Enterprise Linux 7 Extended Lifecycle Support	unaffected `0:1.2-10.el7_9 - < *`
Red Hat	Red Hat Enterprise Linux 8	unaffected `0:1.7-7.el8_10 - < *`
Red Hat	Red Hat Enterprise Linux 8.2 Advanced Update Support	unaffected `0:1.7-4.el8_2 - < *`
Red Hat	Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support	unaffected `0:1.7-6.el8_4 - < *`
Red Hat	Red Hat Enterprise Linux 8.4 Telecommunications Update Service	unaffected `0:1.7-6.el8_4 - < *`
Red Hat	Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions	unaffected `0:1.7-6.el8_4 - < *`
Red Hat	Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support	unaffected `0:1.7-7.el8_6 - < *`
Red Hat	Red Hat Enterprise Linux 8.6 Telecommunications Update Service	unaffected `0:1.7-7.el8_6 - < *`
Red Hat	Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions	unaffected `0:1.7-7.el8_6 - < *`
Red Hat	Red Hat Enterprise Linux 8.8 Extended Update Support	unaffected `0:1.7-7.el8_8 - < *`
Red Hat	Red Hat Enterprise Linux 9	unaffected `0:1.8-6.el9_4 - < *`
Red Hat	Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions	unaffected `0:1.8-5.el9_0 - < *`
Red Hat	Red Hat Enterprise Linux 9.2 Extended Update Support	unaffected `0:1.8-5.el9_2 - < *`