Fluid Attacks Database

Description

A flaw was found in NetworkManager. When a system running NetworkManager with DEBUG logs enabled and an interface eth1 configured with LLDP enabled, a malicious user could inject a malformed LLDP packet. NetworkManager would crash, leading to a denial of service.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	network-manager	=1.42.4-1 \|\| >=0 <1.42.4-1+deb12u1	1.42.4-1+deb12u1
debian 13	network-manager	>=0 <1.49.90-2	1.49.90-2
debian 14	network-manager	>=0 <1.49.90-2	1.49.90-2
rpm rhel8	NetworkManager	-	-
rpm rhel9	NetworkManager	<1:1.48.10-2.el9_5	1:1.48.10-2.el9_5

Aliases

1. CVE-2024-65012. NVD-2024-65013. OSV-DEBIAN-2024-65014. OSV-2024-65015. SECURITY-TRACKER-CVE-2024-6501

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.