{"id":"CVE-2016-3698","details":"libndp before 1.6, as used in NetworkManager, does not properly validate the origin of Neighbor Discovery Protocol (NDP) messages, which allows remote attackers to conduct man-in-the-middle attacks or cause a denial of service (network connectivity disruption) by advertising a node as a router from a non-local network.","modified":"2026-04-16T06:19:32.155591479Z","published":"2016-06-13T19:59:02.753Z","related":["openSUSE-SU-2024:10042-1"],"references":[{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2016/05/17/9"},{"type":"WEB","url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"},{"type":"ADVISORY","url":"https://rhn.redhat.com/errata/RHSA-2016-1086.html"},{"type":"ADVISORY","url":"http://www.debian.org/security/2016/dsa-3581"},{"type":"ADVISORY","url":"http://www.ubuntu.com/usn/USN-2980-1"},{"type":"FIX","url":"https://github.com/jpirko/libndp/commit/2af9a55b38b55abbf05fd116ec097d4029115839"},{"type":"FIX","url":"https://github.com/jpirko/libndp/commit/a4892df306e0532487f1634ba6d4c6d4bb381c7f"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jpirko/libndp","events":[{"introduced":"0"},{"last_affected":"5c348445478b0b022a4276eff1d625224f2dd32c"},{"fixed":"2af9a55b38b55abbf05fd116ec097d4029115839"},{"fixed":"a4892df306e0532487f1634ba6d4c6d4bb381c7f"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.5"}]}}],"versions":["v1.0","v1.1","v1.2","v1.3","v1.4","v1.5"],"database_specific":{"vanir_signatures_modified":"2026-04-11T04:02:09Z","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.2"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.2"}]},{"events":[{"introduced":"0"},{"last_affected":"7.2"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"15.10"}]},{"events":[{"introduced":"0"},{"last_affected":"16.04"}]}],"vanir_signatures":[{"deprecated":false,"digest":{"line_hashes":["101531685102245183275852009936204835805","97214097350107449139354271253793144163","164556960884367075306208826080947227920","63667140911771292372519639404938362123","107609708243145846260850277971129018612","149671708942379045263423202375691929860","276736812418198674399398745332165992188","255153811896162706213876650589840007385","147620033244927339724801995357492862724","248492230984237394143240468981199335892","80532650512138466634566770911761801263","19379276848166018487743762528204049438","317732962020956697880670020394659768991","4713285105856074252637293696465359293","336392447973756466662138636616347655358","256441280703396429462980440770129052868","310670757024317316337915583468203254201","100533313525427938481399362732085311595","147006123485187320684094043079787332322","63532705780221147885641542842172196161","279088102222290451695944085394456378701","47225492609781377256839949416948704682","216455297242040471975488751603481145183","42708126467600362449193948110161610840","98864281191308664020340173720289236203","242382298386438782068416587705588555974","23852886056916299655593223487253425859","298088038683306022628626755404715910173","180079971066224120039924722704699715183","225678215534612598427683817518660938059","252274654423889629989601793849300079932","39873793423575350406519180824501182983","183596815582201256379123350069465895962"],"threshold":0.9},"signature_type":"Line","target":{"file":"libndp/libndp.c"},"id":"CVE-2016-3698-459941ca","source":"https://github.com/jpirko/libndp/commit/a4892df306e0532487f1634ba6d4c6d4bb381c7f","signature_version":"v1"},{"deprecated":false,"digest":{"length":777,"function_hash":"59048228406542646144257995526865974314"},"signature_type":"Function","target":{"function":"ndp_sock_open","file":"libndp/libndp.c"},"id":"CVE-2016-3698-464868d7","source":"https://github.com/jpirko/libndp/commit/a4892df306e0532487f1634ba6d4c6d4bb381c7f","signature_version":"v1"},{"deprecated":false,"id":"CVE-2016-3698-4d71ff65","signature_type":"Function","target":{"function":"ndp_sock_recv","file":"libndp/libndp.c"},"source":"https://github.com/jpirko/libndp/commit/a4892df306e0532487f1634ba6d4c6d4bb381c7f","digest":{"length":1113,"function_hash":"22335990842408782660678923636076935878"},"signature_version":"v1"},{"deprecated":false,"source":"https://github.com/jpirko/libndp/commit/a4892df306e0532487f1634ba6d4c6d4bb381c7f","signature_type":"Function","digest":{"length":961,"function_hash":"284878020047458585157100332374317942815"},"id":"CVE-2016-3698-e76bffc9","target":{"function":"myrecvfrom6","file":"libndp/libndp.c"},"signature_version":"v1"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-3698.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}