14 matches found
CVE-2018-16523
The CVE-2018-16523 issue affects AWS FreeRTOS up to v1.3.1 and FreeRTOS up to v10.0.1 (with FreeRTOS+TCP) and the WHIS Connect TCP/IP module, caused by a division by zero in prvCheckOptions within the TCP/IP stack. ThreatPost and related sources confirm the vulnerability exists in the FreeRTOS TC...
CVE-2018-16527
The CVE-2018-16527 issue affects AWS FreeRTOS up to v1.3.1 (and FreeRTOS up to v10.0.1 with FreeRTOS+TCP) and WHIS Connect middleware; it is an information disclosure vulnerability in prvProcessICMPPacket during ICMP packet parsing. The underlying cause is in the TCP/IP stack and associated conne...
CVE-2018-16522
AWS FreeRTOS (IoT OS) up to version 1.3.1 is affected by CVE-2018-16522: an uninitialized pointer free in SOCKETS_SetSockOpt. The issue is in the TCP/IP/secure connectivity stack of FreeRTOS within AWS FreeRTOS and could lead to memory corruption. Patches are available in AWS FreeRTOS 1.3.2 and l...
CVE-2018-16600
CVE-2018-16600 involves an out-of-bounds memory access during ARP packet parsing in eARPProcessPacket. Affected products include AWS FreeRTOS up to 1.3.1, FreeRTOS up to v10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect TCP/IP component. The issue enables information disclosure. The provi...
CVE-2018-16602
The CVE-2018-16602 entry concerns AWS FreeRTOS (and related FreeRTOS+TCP/OpenWHIS) through 1.3.1 and FreeRTOS up to 10.0.1 with FreeRTOS+TCP, plus WITTENSTEIN WHIS Connect middleware. The issue is an Out-of-bounds memory access during parsing of DHCP responses in prvProcessDHCPReplies, which can ...
CVE-2018-16524
CVE-2018-16524 affects AWS FreeRTOS up to v1.3.1, FreeRTOS up to v10.0.1 (with FreeRTOS+TCP), and the WITTENSTEIN WHIS Connect TCP/IP component. It enables information disclosure during parsing of TCP options in prvCheckOptions. Impact is information exposure; remediation is to update to AWS Free...
CVE-2018-16526
CVE-2018-16526 affects AWS FreeRTOS up to v1.3.1, FreeRTOS up to v10.0.1 (with FreeRTOS+TCP), and the WHIS Connect TCP/IP component. The root cause is a buffer overflow during generation of a protocol checksum in two functions: usGenerateProtocolChecksum and prvProcessIPPacket , enabling remote a...
CVE-2018-16598
The CVE-2018-16598 issue affects AWS FreeRTOS up to 1.3.1 (and FreeRTOS up to v10.0.1 with FreeRTOS+TCP) and the WHIS Connect TCP/IP component. The vulnerability is that in xProcessReceivedUDPPacket and prvParseDNSReply, any DNS response is accepted without confirming it matches a sent DNS reques...
CVE-2018-16599
Technical details for CVE-2018-16599 are not publicly available in the provided connected documents; monitor for updates.
CVE-2018-16601
CVE-2018-16601 affects AWS FreeRTOS up to 1.3.1, FreeRTOS up to v10.0.1 with FreeRTOS+TCP, and the WHIS Connect TCP/IP component. A crafted IP header can trigger a full memory space copy in prvProcessIPPacket, leading to denial of service and possibly remote code execution. Public details in the ...
CVE-2019-13120
CVE-2019-13120 affects Amazon FreeRTOS up to v1.4.8. The vulnerability arises from insufficient length checking in prvProcessReceivedPublish, which can cause untargetable leakage of arbitrary memory on a device when an attacker sends a malformed MQTT publish to an Amazon IoT Thing interacting wit...
CVE-2018-16528
The CVE-2018-16528 issue affects AWS FreeRTOS up to version 1.3.1, where remote code execution is possible due to mbedTLS context object corruption in prvSetupConnection and GGD_SecureConnect_Connect within the AWS TLS connectivity modules. The vulnerability’s impact is described as remote attack...
CVE-2018-16603
CVE-2018-16603 affects AWS FreeRTOS up to v1.3.1 and FreeRTOS up to v10.0.1 (with FreeRTOS+TCP), plus the WHIS Connect TCP/IP component. The issue is an out-of-bounds access in the TCP stack: processing received TCP packets can leak data by corrupting access to TCP source/destination port fields ...
CVE-2018-16525
This CVE affects AWS FreeRTOS up to 1.3.1 (and FreeRTOS up to V10.0.1 with FreeRTOS+TCP) and WITTENSTEIN WHIS Connect TCP/IP. Root cause: a Buffer Overflow during DNS/LLMNR packet parsing in prvParseDNSReply. Impact: allows remote attackers to execute arbitrary code or leak information. Affected ...