libndp before 1.6, as used in NetworkManager, does not properly validate the origin of Neighbor Discovery Protocol (NDP) messages, which allows remote attackers to conduct man-in-the-middle attacks or cause a denial of service (network connectivity disruption) by advertising a node as a router from a non-local network.
{
"unresolved_ranges": [
{
"extracted_events": [
{
"introduced": "15.10"
},
{
"last_affected": "15.10"
},
{
"introduced": "16.04"
},
{
"last_affected": "16.04"
}
],
"source": "CPE_STRING",
"vendor_product": "canonical:ubuntu_linux",
"cpes": [
"cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*"
]
},
{
"extracted_events": [
{
"introduced": "8.0"
},
{
"last_affected": "8.0"
}
],
"source": "CPE_STRING",
"vendor_product": "debian:debian_linux",
"cpes": [
"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"
]
},
{
"extracted_events": [
{
"introduced": "7.0"
},
{
"last_affected": "7.0"
}
],
"source": "CPE_STRING",
"vendor_product": "redhat:enterprise_linux_desktop",
"cpes": [
"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*"
]
},
{
"extracted_events": [
{
"introduced": "7.0"
},
{
"last_affected": "7.0"
}
],
"source": "CPE_STRING",
"vendor_product": "redhat:enterprise_linux_hpc_node",
"cpes": [
"cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*"
]
},
{
"extracted_events": [
{
"introduced": "7.2"
},
{
"last_affected": "7.2"
}
],
"source": "CPE_STRING",
"vendor_product": "redhat:enterprise_linux_hpc_node_eus",
"cpes": [
"cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:*"
]
},
{
"source": "CPE_STRING",
"extracted_events": [
{
"introduced": "7.0"
},
{
"last_affected": "7.0"
}
],
"vendor_product": "redhat:enterprise_linux_server",
"cpes": [
"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*"
]
},
{
"extracted_events": [
{
"introduced": "7.2"
},
{
"last_affected": "7.2"
}
],
"source": "CPE_STRING",
"vendor_product": "redhat:enterprise_linux_server_aus",
"cpes": [
"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*"
]
},
{
"extracted_events": [
{
"introduced": "7.2"
},
{
"last_affected": "7.2"
}
],
"source": "CPE_STRING",
"vendor_product": "redhat:enterprise_linux_server_eus",
"cpes": [
"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*"
]
},
{
"extracted_events": [
{
"introduced": "7.0"
},
{
"last_affected": "7.0"
}
],
"source": "CPE_STRING",
"vendor_product": "redhat:enterprise_linux_workstation",
"cpes": [
"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*"
]
}
]
}{
"cpe": "cpe:2.3:a:libndp:libndp:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "0"
},
{
"last_affected": "1.5"
}
],
"source": [
"CPE_RANGE",
"REFERENCES"
]
}