7 matches found
CVE-2018-16602
An issue was discovered in Amazon Web Services AWS FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 with FreeRTOS+TCP, and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds memory access during parsing of DHCP responses in prvProcessDHCPReplies can be used for information disclosu...
CVE-2018-16601
An issue was discovered in Amazon Web Services AWS FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 with FreeRTOS+TCP, and WITTENSTEIN WHIS Connect middleware TCP/IP component. A crafted IP header triggers a full memory space copy in prvProcessIPPacket, leading to denial of service and possibly...
Out-of-bounds
An issue was discovered in Amazon Web Services AWS FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 with FreeRTOS+TCP, and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds access to TCP source and destination port fields in xProcessReceivedTCPPacket can leak data back to an...
Information disclosure
An issue was discovered in Amazon Web Services AWS FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 with FreeRTOS+TCP, and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds memory access during parsing of ARP packets in eARPProcessPacket can be used for information disclosure...
CVE-2018-16523
The CVE-2018-16523 issue affects AWS FreeRTOS up to v1.3.1 and FreeRTOS up to v10.0.1 (with FreeRTOS+TCP) and the WHIS Connect TCP/IP module, caused by a division by zero in prvCheckOptions within the TCP/IP stack. ThreatPost and related sources confirm the vulnerability exists in the FreeRTOS TC...
CVE-2018-16527
The CVE-2018-16527 issue affects AWS FreeRTOS up to v1.3.1 (and FreeRTOS up to v10.0.1 with FreeRTOS+TCP) and WHIS Connect middleware; it is an information disclosure vulnerability in prvProcessICMPPacket during ICMP packet parsing. The underlying cause is in the TCP/IP stack and associated conne...
CVE-2018-16601
An issue was discovered in Amazon Web Services AWS FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 with FreeRTOS+TCP, and WITTENSTEIN WHIS Connect middleware TCP/IP component. A crafted IP header triggers a full memory space copy in prvProcessIPPacket, leading to denial of service and possibly...