MidnightBSD

Advisories for libndp

CVE-2014-3554 MEDIUM

Buffer overflow in the ndp_msg_opt_dnssl_domain function in libndp allows remote routers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS Search List (DNSSL) in an IPv6 router advertisement.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
libndp libndp *
CVE-2016-3698 MEDIUM

libndp before 1.6, as used in NetworkManager, does not properly validate the origin of Neighbor Discovery Protocol (NDP) messages, which allows remote attackers to conduct man-in-the-middle attacks or cause a denial of service (network connectivity disruption) by advertising a node as a router from a non-local network.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,

Products Affected

Vendor Product Version
libndp libndp *
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_eus 7.2
canonical ubuntu_linux 15.10
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_hpc_node_eus 7.2
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_hpc_node 7.0
debian debian_linux 8.0
redhat enterprise_linux_server_aus 7.2
canonical ubuntu_linux 16.04