Skip to main content

Libndp

2 CVEs product

Monthly

CVE-2016-3698 HIGH This Week

libndp before 1.6, as used in NetworkManager, does not properly validate the origin of Neighbor Discovery Protocol (NDP) messages, which allows remote attackers to conduct man-in-the-middle attacks. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Authentication Bypass Enterprise Linux Desktop Enterprise Linux Hpc Node Enterprise Linux Hpc Node Eus +7
NVD GitHub
CVSS 3.0
8.1
EPSS
2.1%
CVE-2014-3554 MEDIUM PATCH This Month

Buffer overflow in the ndp_msg_opt_dnssl_domain function in libndp allows remote routers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS Search List (DNSSL). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Denial Of Service RCE Buffer Overflow Libndp
NVD
CVSS 2.0
6.8
EPSS
0.6%
EPSS 2% CVSS 8.1
HIGH This Week

libndp before 1.6, as used in NetworkManager, does not properly validate the origin of Neighbor Discovery Protocol (NDP) messages, which allows remote attackers to conduct man-in-the-middle attacks. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Authentication Bypass Enterprise Linux Desktop +9
NVD GitHub
EPSS 1% CVSS 6.8
MEDIUM PATCH This Month

Buffer overflow in the ndp_msg_opt_dnssl_domain function in libndp allows remote routers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS Search List (DNSSL). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Denial Of Service RCE Buffer Overflow +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy