CVE-2015-2924Improper Input Validation in Project Networkmanager

CWE-20Improper Input ValidationCWE-358Improperly Implemented Security Check for Standard8 documents7 sources
Severity
3.3LOWNVD
EPSS
0.6%
top 30.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Network-manager Project Network-managerNetworkmanager Project Networkmanager
Timeline
PublishedNov 16
Latest updateMay 17

Description

The receive_ra function in rdisc/nm-lndp-rdisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in NetworkManager 1.x allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message, a similar issue to CVE-2015-2922.

CVSS vector

AV:A/AC:L/C:N/I:N/A:PExploitability: 6.5 | Impact: 2.9

Affected Packages2 packages

🔴Vulnerability Details

3
GHSA
GHSA-m83h-57fv-rrqc: The receive_ra function in rdisc/nm-lndp-rdisc2022-05-17
CVEList
CVE-2015-2924: The receive_ra function in rdisc/nm-lndp-rdisc2015-11-16
OSV
CVE-2015-2924: The receive_ra function in rdisc/nm-lndp-rdisc2015-11-16

📋Vendor Advisories

2
Red Hat
NetworkManager: denial of service (DoS) attack against IPv6 network stacks due to improper handling of Router Advertisements2015-04-02
Debian
CVE-2015-2924: network-manager - The receive_ra function in rdisc/nm-lndp-rdisc.c in the Neighbor Discovery (ND) ...2015

💬Community

2
Bugzilla
CVE-2015-2924 NetworkManager: denial of service (DoS) attack against IPv6 network stacks due to improper handling of Router Advertisements2015-04-08
Bugzilla
CVE-2015-2924 NetworkManager: denial of service (DoS) attack against IPv6 network stacks due to improper handling of Router Advertisements [fedora-all]2015-04-08
CVE-2015-2924 — Improper Input Validation | cvebase