CVSS: 8.1EPSS: 0%CPEs: 11EXPL: 0CVE-2016-3698 – libndp: denial of service due to insufficient validation of source of NDP messages
https://notcve.org/view.php?id=CVE-2016-3698
17 May 2016 — libndp before 1.6, as used in NetworkManager, does not properly validate the origin of Neighbor Discovery Protocol (NDP) messages, which allows remote attackers to conduct man-in-the-middle attacks or cause a denial of service (network connectivity disruption) by advertising a node as a router from a non-local network. libndp en versiones anteriores a 1.6, como es usado en NetworkManager, no valida correctamente el origen de los mensajes Neighbor Discovery Protocol (NDP), lo que provoca a atacantes remotos ... • http://www.debian.org/security/2016/dsa-3581 • CWE-20: Improper Input Validation CWE-284: Improper Access Control •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2014-3554
https://notcve.org/view.php?id=CVE-2014-3554
31 Jul 2014 — Buffer overflow in the ndp_msg_opt_dnssl_domain function in libndp allows remote routers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS Search List (DNSSL) in an IPv6 router advertisement. Desbordamiento de buffer en la función ndp_msg_opt_dnssl_domain en libndp permite a routers remotos causar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de un DNS Search List (DNSSL) manipulado en un IPv6 Router Advertisement. • http://www.openwall.com/lists/oss-security/2014/07/29/2 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •