CVE-2018-16525

Published: Dec 6, 2018Modified: Nov 21, 2024

8.1

Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.2 / Impact: 5.9

Source: NVD

Description

Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow remote attackers to execute arbitrary code or leak information because of a Buffer Overflow during parsing of DNS\LLMNR packets in prvParseDNSReply.

Affected (2)

Products: Amazon: Amazon Web Services Freertos, Freertos

2 products

Amazon Web Services Freertos

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Amazon Amazon Web Services Freertos	Up to 1.3.1
Amazon Freertos	Up to 10.0.1

References (6)

https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-details/

Source: cve@mitre.org

ExploitThird Party Advisory

https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-range-devices-risk-compromise-smart-homes-critical-infrastructure-systems/

Source: cve@mitre.org

Third Party Advisory

https://github.com/aws/amazon-freertos/blob/v1.3.2/CHANGELOG.md

Source: cve@mitre.org

Release NotesThird Party Advisory

https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-details/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-range-devices-risk-compromise-smart-homes-critical-infrastructure-systems/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://github.com/aws/amazon-freertos/blob/v1.3.2/CHANGELOG.md

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesThird Party Advisory

Timeline

No history available yet.