| Package | libndp |
|---|---|
| Version | 1.4-2+deb8u2 (jessie), 1.6-1+deb9u1 (stretch) |
| Related CVEs | CVE-2024-5564 |
It was discovered that there was a buffer overflow vulnerability in libndp, a
library for implementing IPv6’s “Neighbor Discovery Protocol” (NDP) and is used
by Network Manager and other networking tools.
A local, malicious user could have caused a buffer overflow in Network Manager
by sending a malformed IPv6 router advertisement packet. This issue existed
because libndp was not correctly validating route length information.
For Debian 8 jessie, these problems have been fixed in version 1.4-2+deb8u2.
For Debian 9 stretch, these problems have been fixed in version 1.6-1+deb9u1.
We recommend that you upgrade your libndp packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.