CVE-2018-16600

Published: Dec 6, 2018Modified: Nov 21, 2024

5.9

Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.2 / Impact: 3.6

Source: NVD

Description

An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds memory access during parsing of ARP packets in eARPProcessPacket can be used for information disclosure.

Affected (2)

Products: Amazon: Amazon Web Services Freertos, Freertos

2 products

Amazon Web Services Freertos

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Amazon Amazon Web Services Freertos	Up to 1.3.1
Amazon Freertos	Up to 10.0.1

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (6)

https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-details/

Source: cve@mitre.org

ExploitThird Party Advisory

https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-range-devices-risk-compromise-smart-homes-critical-infrastructure-systems/

Source: cve@mitre.org

Third Party Advisory

https://github.com/aws/amazon-freertos/blob/v1.3.2/CHANGELOG.md

Source: cve@mitre.org

Release NotesThird Party Advisory

https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-details/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-range-devices-risk-compromise-smart-homes-critical-infrastructure-systems/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://github.com/aws/amazon-freertos/blob/v1.3.2/CHANGELOG.md

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesThird Party Advisory

Timeline

No history available yet.