Debian Libndp vulnerabilities

CVE-2024-5564 [HIGH] CVE-2024-5564: libndp - A vulnerability was found in libndp. This flaw allows a local malicious user to ... A vulnerability was found in libndp. This flaw allows a local malicious user to cause a buffer overflow in NetworkManager, triggered by sending a malformed IPv6 router advertisement packet. This issue occurred as libndp was not correctly validating the route length information. Scope: local bookworm: resolved (fixed in 1.8-1+deb12u1) bullseye: resolved (fixed in 1.6-1+

CVE-2016-3698 [HIGH] CVE-2016-3698: libndp - libndp before 1.6, as used in NetworkManager, does not properly validate the ori... libndp before 1.6, as used in NetworkManager, does not properly validate the origin of Neighbor Discovery Protocol (NDP) messages, which allows remote attackers to conduct man-in-the-middle attacks or cause a denial of service (network connectivity disruption) by advertising a node as a router from a non-local network. Scope: local bookworm: resolved (fixed in 1.6-1) b

CVE-2014-3554 [MEDIUM] CVE-2014-3554: libndp - Buffer overflow in the ndp_msg_opt_dnssl_domain function in libndp allows remote... Buffer overflow in the ndp_msg_opt_dnssl_domain function in libndp allows remote routers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS Search List (DNSSL) in an IPv6 router advertisement. Scope: local bookworm: resolved (fixed in 1.4-1) bullseye: resolved (fixed in 1.4-1) forky: resolved (fixed in 1.4-1) sid: resolved (fix