Description libndp before 1.6, as used in NetworkManager, does not properly validate the origin of Neighbor Discovery Protocol (NDP) messages, which allows remote attackers to conduct man-in-the-middle attacks or cause a denial of service (network connectivity disruption) by advertising a node as a router from a non-local network.
CVSS vector CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Exploitability: 2.2 | Impact: 5.9 Attack Vector: Network
Complexity: High
Privileges: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Affected Packages6 packages Show 1 more packages Also affects: Debian Linux 8.0, Ubuntu Linux 15.10, 16.04, Enterprise Linux 7.2
🔴 Vulnerability Details3 GHSA GHSA-rj7j-9h37-7pw7: libndp before 1 ↗ 2022-05-17 ▶ CVEList CVE-2016-3698: libndp before 1 ↗ 2016-06-13 ▶ OSV CVE-2016-3698: libndp before 1 ↗ 2016-06-13 ▶
📋 Vendor Advisories3 Red Hat libndp: denial of service due to insufficient validation of source of NDP messages ↗ 2016-05-17 ▶ Ubuntu libndp vulnerability ↗ 2016-05-17 ▶ Debian CVE-2016-3698: libndp - libndp before 1.6, as used in NetworkManager, does not properly validate the ori... ↗ 2016 ▶
💬 Community2 Bugzilla CVE-2016-3698 libndp: denial of service due to insufficient validation of source of NDP messages [fedora-all] ↗ 2016-05-17 ▶ Bugzilla CVE-2016-3698 libndp: denial of service due to insufficient validation of source of NDP messages ↗ 2016-04-21 ▶