Lucene search
K
AmazonFreertos

17 matches found

CVE
CVE
added 2024/03/07 8:54 p.m.105 views

CVE-2024-28115

CVE-2024-28115 concerns FreeRTOS Kernel versions through 10.6.1, where local privilege escalation is possible via Return Oriented Programming if code injection/execution is possible. Affected are ARMv7-M MPU ports and ARMv8-M ports with MPU support enabled (configENABLE_MPU=1). The issue is fixed...

8.8CVSS8.7AI score0.0024EPSS
CVE
CVE
added 2021/11/17 12:0 a.m.74 views

CVE-2021-43997

CVE-2021-43997 affects FreeRTOS ARMv7-M and ARMv8-M MPU ports. Versions 10.2.0–10.4.5 allow non‑kernel code to call the internal xPortRaisePrivilege function to raise privilege; versions up to 10.4.6 can enable a second‑stage privilege escalation if injected code branches inside an MPU API wrappe...

7.8CVSS7.9AI score0.00315EPSS
CVE
CVE
added 2018/12/06 11:0 p.m.73 views

CVE-2018-16523

The CVE-2018-16523 issue affects AWS FreeRTOS up to v1.3.1 and FreeRTOS up to v10.0.1 (with FreeRTOS+TCP) and the WHIS Connect TCP/IP module, caused by a division by zero in prvCheckOptions within the TCP/IP stack. ThreatPost and related sources confirm the vulnerability exists in the FreeRTOS TC...

7.4CVSS7.3AI score0.02056EPSS
CVE
CVE
added 2021/05/03 9:12 p.m.73 views

CVE-2021-32020

CVE-2021-32020 affects the kernel of Amazon Web Services FreeRTOS prior to 10.4.3, where insufficient bounds checking during heap memory management is the root cause. The issue is exploitable over a network with low attack complexity and no authentication, and it carries high potential impact to ...

9.8CVSS9.2AI score0.01303EPSS
CVE
CVE
added 2018/12/06 11:0 p.m.69 views

CVE-2018-16527

The CVE-2018-16527 issue affects AWS FreeRTOS up to v1.3.1 (and FreeRTOS up to v10.0.1 with FreeRTOS+TCP) and WHIS Connect middleware; it is an information disclosure vulnerability in prvProcessICMPPacket during ICMP packet parsing. The underlying cause is in the TCP/IP stack and associated conne...

5.9CVSS5.5AI score0.0185EPSS
CVE
CVE
added 2021/04/22 5:56 p.m.69 views

CVE-2021-31572

CVE-2021-31572 affects Amazon FreeRTOS kernel prior to 10.4.3. The issue is an integer overflow in stream_buffer.c within the stream buffer code, which can lead to memory-related issues on affected devices. The vulnerability has a high severity (CVSS v3.1 base score 9.8, network attack, no user i...

9.8CVSS9.3AI score0.01382EPSS
CVE
CVE
added 2021/04/22 5:56 p.m.56 views

CVE-2021-31571

CVE-2021-31571 affects Amazon FreeRTOS prior to 10.4.3, where an integer overflow in queue.c during queue creation can lead to memory corruption. Red Hat and CNVD entries corroborate the same vulnerability in AWS FreeRTOS. The issue is rooted in queue creation logic; the impact is memory corrupti...

9.8CVSS9.4AI score0.01382EPSS
CVE
CVE
added 2018/12/06 11:0 p.m.54 views

CVE-2018-16600

CVE-2018-16600 involves an out-of-bounds memory access during ARP packet parsing in eARPProcessPacket. Affected products include AWS FreeRTOS up to 1.3.1, FreeRTOS up to v10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect TCP/IP component. The issue enables information disclosure. The provi...

5.9CVSS5.4AI score0.01829EPSS
CVE
CVE
added 2018/12/06 11:0 p.m.53 views

CVE-2018-16602

The CVE-2018-16602 entry concerns AWS FreeRTOS (and related FreeRTOS+TCP/OpenWHIS) through 1.3.1 and FreeRTOS up to 10.0.1 with FreeRTOS+TCP, plus WITTENSTEIN WHIS Connect middleware. The issue is an Out-of-bounds memory access during parsing of DHCP responses in prvProcessDHCPReplies, which can ...

5.9CVSS5.4AI score0.01845EPSS
CVE
CVE
added 2018/12/06 11:0 p.m.52 views

CVE-2018-16524

CVE-2018-16524 affects AWS FreeRTOS up to v1.3.1, FreeRTOS up to v10.0.1 (with FreeRTOS+TCP), and the WITTENSTEIN WHIS Connect TCP/IP component. It enables information disclosure during parsing of TCP options in prvCheckOptions. Impact is information exposure; remediation is to update to AWS Free...

5.9CVSS5.5AI score0.01829EPSS
CVE
CVE
added 2018/12/06 11:0 p.m.52 views

CVE-2018-16598

The CVE-2018-16598 issue affects AWS FreeRTOS up to 1.3.1 (and FreeRTOS up to v10.0.1 with FreeRTOS+TCP) and the WHIS Connect TCP/IP component. The vulnerability is that in xProcessReceivedUDPPacket and prvParseDNSReply, any DNS response is accepted without confirming it matches a sent DNS reques...

5.9CVSS5.6AI score0.01524EPSS
CVE
CVE
added 2018/12/06 11:0 p.m.52 views

CVE-2018-16599

Technical details for CVE-2018-16599 are not publicly available in the provided connected documents; monitor for updates.

5.9CVSS5.4AI score0.01829EPSS
CVE
CVE
added 2018/12/06 11:0 p.m.51 views

CVE-2018-16526

CVE-2018-16526 affects AWS FreeRTOS up to v1.3.1, FreeRTOS up to v10.0.1 (with FreeRTOS+TCP), and the WHIS Connect TCP/IP component. The root cause is a buffer overflow during generation of a protocol checksum in two functions: usGenerateProtocolChecksum and prvProcessIPPacket , enabling remote a...

8.1CVSS8.2AI score0.04459EPSS
CVE
CVE
added 2018/12/06 11:0 p.m.51 views

CVE-2018-16601

CVE-2018-16601 affects AWS FreeRTOS up to 1.3.1, FreeRTOS up to v10.0.1 with FreeRTOS+TCP, and the WHIS Connect TCP/IP component. A crafted IP header can trigger a full memory space copy in prvProcessIPPacket, leading to denial of service and possibly remote code execution. Public details in the ...

8.1CVSS8.2AI score0.04161EPSS
CVE
CVE
added 2023/11/21 5:43 p.m.50 views

CVE-2021-27504

CVE-2021-27504 describes an integer overflow in malloc within the TI TI-RTOS/FreeRTOS stack (TI-RTOS-MCU). When malloc is fed extremely large values, it returns a pointer to a small buffer, enabling code execution. Affected products include Texas Instruments TI-RTOS/MCU and FreeRTOS components us...

7.8CVSS8.1AI score0.00279EPSS
CVE
CVE
added 2018/12/06 11:0 p.m.48 views

CVE-2018-16603

CVE-2018-16603 affects AWS FreeRTOS up to v1.3.1 and FreeRTOS up to v10.0.1 (with FreeRTOS+TCP), plus the WHIS Connect TCP/IP component. The issue is an out-of-bounds access in the TCP stack: processing received TCP packets can leak data by corrupting access to TCP source/destination port fields ...

5.9CVSS5.6AI score0.01814EPSS
CVE
CVE
added 2018/12/06 11:0 p.m.46 views

CVE-2018-16525

This CVE affects AWS FreeRTOS up to 1.3.1 (and FreeRTOS up to V10.0.1 with FreeRTOS+TCP) and WITTENSTEIN WHIS Connect TCP/IP. Root cause: a Buffer Overflow during DNS/LLMNR packet parsing in prvParseDNSReply. Impact: allows remote attackers to execute arbitrary code or leak information. Affected ...

8.1CVSS8.3AI score0.04459EPSS