20 matches found
EUVD-2018-8409
Malware in sbrugna...
EUVD-2018-8335
Malware in sbrugna...
EUVD-2021-18465
Malware in sbrugna...
CVE-2021-32020
The kernel in Amazon Web Services FreeRTOS before 10.4.3 has insufficient bounds checking during management of heap memory...
Integer overflow
The kernel in Amazon Web Services FreeRTOS before 10.4.3 has an integer overflow in streambuffer.c for a stream buffer...
CVE-2021-31571
The kernel in Amazon Web Services FreeRTOS before 10.4.3 has an integer overflow in queue.c for queue creation...
CVE-2018-16603
An issue was discovered in Amazon Web Services AWS FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 with FreeRTOS+TCP, and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds access to TCP source and destination port fields in xProcessReceivedTCPPacket can leak data back to an...
CVE-2018-16602
An issue was discovered in Amazon Web Services AWS FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 with FreeRTOS+TCP, and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds memory access during parsing of DHCP responses in prvProcessDHCPReplies can be used for information disclosu...
CVE-2018-16601
An issue was discovered in Amazon Web Services AWS FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 with FreeRTOS+TCP, and WITTENSTEIN WHIS Connect middleware TCP/IP component. A crafted IP header triggers a full memory space copy in prvProcessIPPacket, leading to denial of service and possibly...
CVE-2018-16601
An issue was discovered in Amazon Web Services AWS FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 with FreeRTOS+TCP, and WITTENSTEIN WHIS Connect middleware TCP/IP component. A crafted IP header triggers a full memory space copy in prvProcessIPPacket, leading to denial of service and possibly...
CVE-2018-16598
An issue was discovered in Amazon Web Services AWS FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 with FreeRTOS+TCP, and WITTENSTEIN WHIS Connect middleware TCP/IP component. In xProcessReceivedUDPPacket and prvParseDNSReply, any received DNS response is accepted, without confirming it matches a...
Null pointer dereference
Amazon Web Services AWS FreeRTOS through 1.3.1 has an uninitialized pointer free in SOCKETSSetSockOpt...
Information disclosure
An issue was discovered in Amazon Web Services AWS FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 with FreeRTOS+TCP, and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds memory access during parsing of ARP packets in eARPProcessPacket can be used for information disclosure...
Out-of-bounds
An issue was discovered in Amazon Web Services AWS FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 with FreeRTOS+TCP, and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds access to TCP source and destination port fields in xProcessReceivedTCPPacket can leak data back to an...
CVE-2018-16527
Amazon Web Services AWS FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 with FreeRTOS+TCP, and WITTENSTEIN WHIS Connect middleware TCP/IP component allow information disclosure during parsing of ICMP packets in prvProcessICMPPacket...
CVE-2018-16599
An issue was discovered in Amazon Web Services AWS FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 with FreeRTOS+TCP, and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds memory access during parsing of NBNS packets in prvTreatNBNS can be used for information disclosure...
CVE-2018-16601
An issue was discovered in Amazon Web Services AWS FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 with FreeRTOS+TCP, and WITTENSTEIN WHIS Connect middleware TCP/IP component. A crafted IP header triggers a full memory space copy in prvProcessIPPacket, leading to denial of service and possibly...
CVE-2018-16603
An issue was discovered in Amazon Web Services AWS FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 with FreeRTOS+TCP, and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds access to TCP source and destination port fields in xProcessReceivedTCPPacket can leak data back to an...
CVE-2018-16522
AWS FreeRTOS (IoT OS) up to version 1.3.1 is affected by CVE-2018-16522: an uninitialized pointer free in SOCKETS_SetSockOpt. The issue is in the TCP/IP/secure connectivity stack of FreeRTOS within AWS FreeRTOS and could lead to memory corruption. Patches are available in AWS FreeRTOS 1.3.2 and l...
AWS FreeRTOS Bugs Allow Compromise of IoT Devices
Researchers have found that a popular Internet of Things real-time operating system – FreeRTOS – is riddled with serious vulnerabilities. The bugs could allow hackers to crash connected devices in smart homes or critical infrastructure systems, leak information from the devices’ memory, and take...