238 matches found
CVE-2026-7426
Insufficient validation of the prefix length field in IPv6 Router Advertisement processing in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 allows an adjacent network actor to cause memory corruption by sending a crafted Router Advertisement with a prefix length value exceeding the maximum valid...
CVE-2026-7422
Insufficient packet validation in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 allows an adjacent network actor to bypass all checksum and minimum-size validation by spoofing the Ethernet source MAC address to match one of the device's own registered endpoints, because the loopback detection...
CVE-2026-7423
Integer underflow in the ICMP and ICMPv6 echo reply handlers in FreeRTOS-Plus-TCP before V4.4.1 and V4.2.6 allows an adjacent network user to cause a denial of service device crash when outgoing ping support is enabled, because header sizes are subtracted from a packet length field without...
CVE-2026-7424
Integer underflow in the DHCPv6 sub-option parser in FreeRTOS-Plus-TCP before V4.4.1 and V4.2.6 allows an adjacent network actor to corrupt the device's IPv6 address assignment, DNS configuration, and lease times, and to cause a denial of service permanent IP task freeze requiring hardware reset ...
CVE-2026-7426 Out-of-Bounds Write via Unsanitized Prefix Length in Router Advertisement Processing in FreeRTOS-Plus-TCP
Insufficient validation of the prefix length field in IPv6 Router Advertisement processing in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 allows an adjacent network actor to cause memory corruption by sending a crafted Router Advertisement with a prefix length value exceeding the maximum valid...
EUVD-2026-26284
Insufficient validation of the prefix length field in IPv6 Router Advertisement processing in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 allows an adjacent network actor to cause memory corruption by sending a crafted Router Advertisement with a prefix length value exceeding the maximum valid...
CVE-2026-7426 Out-of-Bounds Write via Unsanitized Prefix Length in Router Advertisement Processing in FreeRTOS-Plus-TCP
Insufficient validation of the prefix length field in IPv6 Router Advertisement processing in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 allows an adjacent network actor to cause memory corruption by sending a crafted Router Advertisement with a prefix length value exceeding the maximum valid...
CVE-2026-7426
The CVE-2026-7426 entry concerns the IPv6 Router Advertisement handling in FreeRTOS-Plus-TCP. Insufficient validation of the prefix length field in Router Advertisement processing allows memory corruption (heap buffer overflow) on the affected stack when processing RA messages. Affected versions ...
EUVD-2026-26283
Insufficient option length validation in the IPv6 Router Advertisement parser in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 allows an adjacent network actor to cause a denial of service device crash by sending a crafted Router Advertisement with a truncated PREFIXINFORMATION option that is smalle...
CVE-2026-7425
The CVE-2026-7425 issue affects FreeRTOS-Plus-TCP’s IPv6 Router Advertisement parser. In versions prior to V4.2.6 and V4.4.1, insufficient option length validation allows a crafted Router Advertisement with a truncated PREFIX_INFORMATION option to cause a device crash (DoS). The vulnerability is ...
CVE-2026-7425 Out-of-Bounds Read in Router Advertisement Option Parser in FreeRTOS-Plus-TCP
Insufficient option length validation in the IPv6 Router Advertisement parser in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 allows an adjacent network actor to cause a denial of service device crash by sending a crafted Router Advertisement with a truncated PREFIXINFORMATION option that is smalle...
CVE-2026-7425 Out-of-Bounds Read in Router Advertisement Option Parser in FreeRTOS-Plus-TCP
Insufficient option length validation in the IPv6 Router Advertisement parser in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 allows an adjacent network actor to cause a denial of service device crash by sending a crafted Router Advertisement with a truncated PREFIXINFORMATION option that is smalle...
CVE-2026-7424 Integer Underflow in DHCPv6 Sub-Option Parser in FreeRTOS-Plus-TCP
Integer underflow in the DHCPv6 sub-option parser in FreeRTOS-Plus-TCP before V4.4.1 and V4.2.6 allows an adjacent network actor to corrupt the device's IPv6 address assignment, DNS configuration, and lease times, and to cause a denial of service permanent IP task freeze requiring hardware reset ...
CVE-2026-7424
CVE-2026-7424 describes an integer underflow in the DHCPv6 sub-option parser of FreeRTOS-Plus-TCP. The issue affects FreeRTOS-Plus-TCP versions before V4.4.1 and before V4.2.6, and is triggered when DHCPv6 is enabled. An adjacent network actor can exploit the underflow by sending a crafted DHCPv6...
EUVD-2026-26276
Integer underflow in the ICMP and ICMPv6 echo reply handlers in FreeRTOS-Plus-TCP before V4.4.1 and V4.2.6 allows an adjacent network user to cause a denial of service device crash when outgoing ping support is enabled, because header sizes are subtracted from a packet length field without...
CVE-2026-7423 Integer Underflow in ICMP Echo Reply Processing in FreeRTOS-Plus-TCP
Integer underflow in the ICMP and ICMPv6 echo reply handlers in FreeRTOS-Plus-TCP before V4.4.1 and V4.2.6 allows an adjacent network user to cause a denial of service device crash when outgoing ping support is enabled, because header sizes are subtracted from a packet length field without...
CVE-2026-7423
The CVE affects FreeRTOS-Plus-TCP: an integer underflow in ICMP/ICMPv6 echo reply handling prior to V4.4.1 and V4.2.6. Subtracting header sizes from a packet length without validating size enables a heap out-of-bounds read (~65KB), allowing an adjacent attacker to cause a device crash (DoS) when ...
CVE-2026-7423 Integer Underflow in ICMP Echo Reply Processing in FreeRTOS-Plus-TCP
Integer underflow in the ICMP and ICMPv6 echo reply handlers in FreeRTOS-Plus-TCP before V4.4.1 and V4.2.6 allows an adjacent network user to cause a denial of service device crash when outgoing ping support is enabled, because header sizes are subtracted from a packet length field without...
EUVD-2026-26275
Insufficient packet validation in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 allows an adjacent network actor to bypass all checksum and minimum-size validation by spoofing the Ethernet source MAC address to match one of the device's own registered endpoints, because the loopback detection...
CVE-2026-7422 MAC Address Validation Bypass in FreeRTOS-Plus-TCP IPv4 and IPv6 Packet Processing
Insufficient packet validation in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 allows an adjacent network actor to bypass all checksum and minimum-size validation by spoofing the Ethernet source MAC address to match one of the device's own registered endpoints, because the loopback detection...