CVE-2016-3698
published 2016-06-13CVE-2016-3698: libndp before 1.6, as used in NetworkManager, does not properly validate the origin of Neighbor Discovery Protocol (NDP) messages, which allows remote…
high8.1CVSS 3.0
AVNACHPRNUINSUCHIHAH
libndp before 1.6, as used in NetworkManager, does not properly validate the origin of Neighbor Discovery Protocol (NDP) messages, which allows remote attackers to conduct man-in-the-middle attacks or cause a denial of service (network connectivity disruption) by advertising a node as a router from a non-local network.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | libndp | < libndp 1.6-1 (bookworm) | libndp 1.6-1 (bookworm) |
| libndp | libndp | <= 1.5 | — |
| libndp | libndp | >= 0 < 1.6-1 | 1.6-1 |
| libndp | libndp | >= 0 < 1.6-1 | 1.6-1 |
| libndp | libndp | >= 0 < 1.6-1 | 1.6-1 |
| libndp | libndp | >= 0 < 1.6-1 | 1.6-1 |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_hpc_node | — | — |
| redhat | enterprise_linux_hpc_node_eus | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_server_aus | — | — |
| redhat | enterprise_linux_server_eus | — | — |
| redhat | enterprise_linux_workstation | — | — |
CVSS provenance
nvdv3.08.1HIGHCVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
osv8.1HIGH