Lucene search
K
AmazonAmazon Web Services Freertos

14 matches found

CVE
CVE
added 2018/12/06 11:0 p.m.73 views

CVE-2018-16523

The CVE-2018-16523 issue affects AWS FreeRTOS up to v1.3.1 and FreeRTOS up to v10.0.1 (with FreeRTOS+TCP) and the WHIS Connect TCP/IP module, caused by a division by zero in prvCheckOptions within the TCP/IP stack. ThreatPost and related sources confirm the vulnerability exists in the FreeRTOS TC...

7.4CVSS7.3AI score0.02056EPSS
CVE
CVE
added 2018/12/06 11:0 p.m.69 views

CVE-2018-16527

The CVE-2018-16527 issue affects AWS FreeRTOS up to v1.3.1 (and FreeRTOS up to v10.0.1 with FreeRTOS+TCP) and WHIS Connect middleware; it is an information disclosure vulnerability in prvProcessICMPPacket during ICMP packet parsing. The underlying cause is in the TCP/IP stack and associated conne...

5.9CVSS5.5AI score0.0185EPSS
CVE
CVE
added 2018/12/06 11:0 p.m.60 views

CVE-2018-16522

AWS FreeRTOS (IoT OS) up to version 1.3.1 is affected by CVE-2018-16522: an uninitialized pointer free in SOCKETS_SetSockOpt. The issue is in the TCP/IP/secure connectivity stack of FreeRTOS within AWS FreeRTOS and could lead to memory corruption. Patches are available in AWS FreeRTOS 1.3.2 and l...

8.1CVSS8.1AI score0.02056EPSS
CVE
CVE
added 2018/12/06 11:0 p.m.54 views

CVE-2018-16600

CVE-2018-16600 involves an out-of-bounds memory access during ARP packet parsing in eARPProcessPacket. Affected products include AWS FreeRTOS up to 1.3.1, FreeRTOS up to v10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect TCP/IP component. The issue enables information disclosure. The provi...

5.9CVSS5.4AI score0.01829EPSS
CVE
CVE
added 2018/12/06 11:0 p.m.53 views

CVE-2018-16602

The CVE-2018-16602 entry concerns AWS FreeRTOS (and related FreeRTOS+TCP/OpenWHIS) through 1.3.1 and FreeRTOS up to 10.0.1 with FreeRTOS+TCP, plus WITTENSTEIN WHIS Connect middleware. The issue is an Out-of-bounds memory access during parsing of DHCP responses in prvProcessDHCPReplies, which can ...

5.9CVSS5.4AI score0.01845EPSS
CVE
CVE
added 2018/12/06 11:0 p.m.52 views

CVE-2018-16524

CVE-2018-16524 affects AWS FreeRTOS up to v1.3.1, FreeRTOS up to v10.0.1 (with FreeRTOS+TCP), and the WITTENSTEIN WHIS Connect TCP/IP component. It enables information disclosure during parsing of TCP options in prvCheckOptions. Impact is information exposure; remediation is to update to AWS Free...

5.9CVSS5.5AI score0.01829EPSS
CVE
CVE
added 2018/12/06 11:0 p.m.52 views

CVE-2018-16526

CVE-2018-16526 affects AWS FreeRTOS up to v1.3.1, FreeRTOS up to v10.0.1 (with FreeRTOS+TCP), and the WHIS Connect TCP/IP component. The root cause is a buffer overflow during generation of a protocol checksum in two functions: usGenerateProtocolChecksum and prvProcessIPPacket , enabling remote a...

8.1CVSS8.2AI score0.04459EPSS
CVE
CVE
added 2018/12/06 11:0 p.m.52 views

CVE-2018-16598

The CVE-2018-16598 issue affects AWS FreeRTOS up to 1.3.1 (and FreeRTOS up to v10.0.1 with FreeRTOS+TCP) and the WHIS Connect TCP/IP component. The vulnerability is that in xProcessReceivedUDPPacket and prvParseDNSReply, any DNS response is accepted without confirming it matches a sent DNS reques...

5.9CVSS5.6AI score0.01524EPSS
CVE
CVE
added 2018/12/06 11:0 p.m.52 views

CVE-2018-16599

Technical details for CVE-2018-16599 are not publicly available in the provided connected documents; monitor for updates.

5.9CVSS5.4AI score0.01829EPSS
CVE
CVE
added 2018/12/06 11:0 p.m.51 views

CVE-2018-16601

CVE-2018-16601 affects AWS FreeRTOS up to 1.3.1, FreeRTOS up to v10.0.1 with FreeRTOS+TCP, and the WHIS Connect TCP/IP component. A crafted IP header can trigger a full memory space copy in prvProcessIPPacket, leading to denial of service and possibly remote code execution. Public details in the ...

8.1CVSS8.2AI score0.04161EPSS
CVE
CVE
added 2019/10/07 9:57 p.m.51 views

CVE-2019-13120

CVE-2019-13120 affects Amazon FreeRTOS up to v1.4.8. The vulnerability arises from insufficient length checking in prvProcessReceivedPublish, which can cause untargetable leakage of arbitrary memory on a device when an attacker sends a malformed MQTT publish to an Amazon IoT Thing interacting wit...

7.5CVSS7.4AI score0.0119EPSS
CVE
CVE
added 2018/12/06 11:0 p.m.48 views

CVE-2018-16528

The CVE-2018-16528 issue affects AWS FreeRTOS up to version 1.3.1, where remote code execution is possible due to mbedTLS context object corruption in prvSetupConnection and GGD_SecureConnect_Connect within the AWS TLS connectivity modules. The vulnerability’s impact is described as remote attack...

8.1CVSS8.5AI score0.03291EPSS
CVE
CVE
added 2018/12/06 11:0 p.m.48 views

CVE-2018-16603

CVE-2018-16603 affects AWS FreeRTOS up to v1.3.1 and FreeRTOS up to v10.0.1 (with FreeRTOS+TCP), plus the WHIS Connect TCP/IP component. The issue is an out-of-bounds access in the TCP stack: processing received TCP packets can leak data by corrupting access to TCP source/destination port fields ...

5.9CVSS5.6AI score0.01814EPSS
CVE
CVE
added 2018/12/06 11:0 p.m.46 views

CVE-2018-16525

This CVE affects AWS FreeRTOS up to 1.3.1 (and FreeRTOS up to V10.0.1 with FreeRTOS+TCP) and WITTENSTEIN WHIS Connect TCP/IP. Root cause: a Buffer Overflow during DNS/LLMNR packet parsing in prvParseDNSReply. Impact: allows remote attackers to execute arbitrary code or leak information. Affected ...

8.1CVSS8.3AI score0.04459EPSS