CVE-2016-3698
- Source
- https://cve.org/CVERecord?id=CVE-2016-3698
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-3698.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2016-3698
- Downstream
- Related
- Published
- 2016-06-13T19:59:02.753Z
- Modified
- 2026-02-13T01:07:14.053818Z
- Severity
-
- 8.1 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
libndp before 1.6, as used in NetworkManager, does not properly validate the origin of Neighbor Discovery Protocol (NDP) messages, which allows remote attackers to conduct man-in-the-middle attacks or cause a denial of service (network connectivity disruption) by advertising a node as a router from a non-local network.
- References
-
- http://www.openwall.com/lists/oss-security/2016/05/17/9
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- http://www.debian.org/security/2016/dsa-3581
- http://www.ubuntu.com/usn/USN-2980-1
- https://rhn.redhat.com/errata/RHSA-2016-1086.html
- https://github.com/jpirko/libndp/commit/2af9a55b38b55abbf05fd116ec097d4029115839
- https://github.com/jpirko/libndp/commit/a4892df306e0532487f1634ba6d4c6d4bb381c7f
Affected packages
Git / github.com/jpirko/libndp
Affected ranges
- Type
- GIT
- Repo
- https://github.com/jpirko/libndp
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedIntroduced0 Unknown introduced commit / All previous commits are affectedFixed
Database specific
vanir_signatures
[
{
"id": "CVE-2016-3698-18f0b297",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"170176477519933285600355361331367013774",
"120904098440755147910116174783754776741",
"7894526475083051264666507975378376406",
"217364338339957537939019235054377776971",
"7407623137805926619280800212719797687",
"63088205776203570202086828173959958792",
"153581203926223722849680069361692604280",
"171309330756449757018071118347357954273",
"280859829450697165741373069303126313651",
"201995046116671457636065317904351417679",
"301529060522256388973626700898465159903",
"276894803681689366420526560669257674233",
"208362970776794385704871433908425704352",
"89432001669346666650050204064313273378",
"226056119545450624772288460962917176844",
"168270223811022951169218121137299259037",
"259126255868865405891638805049151054557",
"272114724437962512861027675571520485009",
"3429988923868265313120504226962620002"
]
},
"deprecated": false,
"source": "https://github.com/jpirko/libndp/commit/2af9a55b38b55abbf05fd116ec097d4029115839",
"signature_type": "Line",
"target": {
"file": "libndp/libndp.c"
}
},
{
"id": "CVE-2016-3698-459941ca",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"101531685102245183275852009936204835805",
"97214097350107449139354271253793144163",
"164556960884367075306208826080947227920",
"63667140911771292372519639404938362123",
"107609708243145846260850277971129018612",
"149671708942379045263423202375691929860",
"276736812418198674399398745332165992188",
"255153811896162706213876650589840007385",
"147620033244927339724801995357492862724",
"248492230984237394143240468981199335892",
"80532650512138466634566770911761801263",
"19379276848166018487743762528204049438",
"317732962020956697880670020394659768991",
"4713285105856074252637293696465359293",
"336392447973756466662138636616347655358",
"256441280703396429462980440770129052868",
"310670757024317316337915583468203254201",
"100533313525427938481399362732085311595",
"147006123485187320684094043079787332322",
"63532705780221147885641542842172196161",
"279088102222290451695944085394456378701",
"47225492609781377256839949416948704682",
"216455297242040471975488751603481145183",
"42708126467600362449193948110161610840",
"98864281191308664020340173720289236203",
"242382298386438782068416587705588555974",
"23852886056916299655593223487253425859",
"298088038683306022628626755404715910173",
"180079971066224120039924722704699715183",
"225678215534612598427683817518660938059",
"252274654423889629989601793849300079932",
"39873793423575350406519180824501182983",
"183596815582201256379123350069465895962"
]
},
"deprecated": false,
"source": "https://github.com/jpirko/libndp/commit/a4892df306e0532487f1634ba6d4c6d4bb381c7f",
"signature_type": "Line",
"target": {
"file": "libndp/libndp.c"
}
},
{
"id": "CVE-2016-3698-464868d7",
"signature_version": "v1",
"digest": {
"function_hash": "59048228406542646144257995526865974314",
"length": 777.0
},
"deprecated": false,
"source": "https://github.com/jpirko/libndp/commit/a4892df306e0532487f1634ba6d4c6d4bb381c7f",
"signature_type": "Function",
"target": {
"file": "libndp/libndp.c",
"function": "ndp_sock_open"
}
},
{
"id": "CVE-2016-3698-4d71ff65",
"signature_version": "v1",
"digest": {
"function_hash": "22335990842408782660678923636076935878",
"length": 1113.0
},
"deprecated": false,
"source": "https://github.com/jpirko/libndp/commit/a4892df306e0532487f1634ba6d4c6d4bb381c7f",
"signature_type": "Function",
"target": {
"file": "libndp/libndp.c",
"function": "ndp_sock_recv"
}
},
{
"id": "CVE-2016-3698-acf122a3",
"signature_version": "v1",
"digest": {
"function_hash": "27437530974325292487422374598980223295",
"length": 187.0
},
"deprecated": false,
"source": "https://github.com/jpirko/libndp/commit/2af9a55b38b55abbf05fd116ec097d4029115839",
"signature_type": "Function",
"target": {
"file": "libndp/libndp.c",
"function": "ndp_msg_check_valid"
}
},
{
"id": "CVE-2016-3698-e76bffc9",
"signature_version": "v1",
"digest": {
"function_hash": "284878020047458585157100332374317942815",
"length": 961.0
},
"deprecated": false,
"source": "https://github.com/jpirko/libndp/commit/a4892df306e0532487f1634ba6d4c6d4bb381c7f",
"signature_type": "Function",
"target": {
"file": "libndp/libndp.c",
"function": "myrecvfrom6"
}
}
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-3698.json"