Cherry-pick upstream fix for CVE-2024-5564 (!1) · Merge requests · Arch Linux / Packaging / Packages / libndp · GitLab

Due to an influx of spam, we have had to temporarily disable account registrations. Please write an email to accountsupport@archlinux.org, with your desired username, if you want to get access. Sorry for the inconvenience.

From https://nvd.nist.gov/vuln/detail/CVE-2024-5564,

A vulnerability was found in libndp. This flaw allows a local malicious user to cause a buffer overflow in NetworkManager, triggered by sending a malformed IPv6 router advertisement packet. This issue occurred as libndp was not correctly validating the route length information.