Cherry-pick upstream fix for CVE-2024-5564 (!1) · Merge requests · Arch Linux / Packaging / Packages / libndp

Chih-Hsuan Yen requested to merge CVE-2024-5564 into main Jun 18, 2024

From https://nvd.nist.gov/vuln/detail/CVE-2024-5564,

A vulnerability was found in libndp. This flaw allows a local malicious user to cause a buffer overflow in NetworkManager, triggered by sending a malformed IPv6 router advertisement packet. This issue occurred as libndp was not correctly validating the route length information.

Admin message

Cherry-pick upstream fix for CVE-2024-5564

Merge request reports