Freertos Security Vulnerabilities and Issues — Freertos CVE List

Lucene search

AmazonFreertos

17 matches found

CVE•added 2024/03/07 9:15 p.m.•65 views

CVE-2024-28115

FreeRTOS is a real-time operating system for microcontrollers. FreeRTOS Kernel versions through 10.6.1 do not sufficiently protect against local privilege escalation via Return Oriented Programming techniques should a vulnerability exist that allows code injection and execution. These issues affect...

8.8CVSS8.7AI score0.00034EPSS

CVE•added 2021/05/03 10:15 p.m.•62 views

CVE-2021-32020

The kernel in Amazon Web Services FreeRTOS before 10.4.3 has insufficient bounds checking during management of heap memory.

9.8CVSS9.2AI score0.00314EPSS

CVE•added 2018/12/06 11:29 p.m.•56 views

CVE-2018-16523

Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow division by zero in prvCheckOptions.

7.4CVSS7.3AI score0.00621EPSS

CVE•added 2021/04/22 6:15 p.m.•56 views

CVE-2021-31572

The kernel in Amazon Web Services FreeRTOS before 10.4.3 has an integer overflow in stream_buffer.c for a stream buffer.

9.8CVSS9.3AI score0.00574EPSS

CVE•added 2021/11/17 9:15 p.m.•56 views

CVE-2021-43997

FreeRTOS versions 10.2.0 through 10.4.5 do not prevent non-kernel code from calling the xPortRaisePrivilege internal function to raise privilege. FreeRTOS versions through 10.4.6 do not prevent a third party that has already independently gained the ability to execute injected code to achieve furth...

7.8CVSS7.9AI score0.00283EPSS

CVE•added 2018/12/06 11:29 p.m.•55 views

CVE-2018-16527

Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow information disclosure during parsing of ICMP packets in prvProcessICMPPacket.

5.9CVSS5.5AI score0.00453EPSS

CVE•added 2021/04/22 6:15 p.m.•44 views

CVE-2021-31571

The kernel in Amazon Web Services FreeRTOS before 10.4.3 has an integer overflow in queue.c for queue creation.

9.8CVSS9.4AI score0.00574EPSS

CVE•added 2018/12/06 11:29 p.m.•39 views

CVE-2018-16598

An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. In xProcessReceivedUDPPacket and prvParseDNSReply, any received DNS response is accepted, without confirming it matches ...

5.9CVSS5.6AI score0.00284EPSS

CVE•added 2018/12/06 11:29 p.m.•39 views

CVE-2018-16600

An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds memory access during parsing of ARP packets in eARPProcessPacket can be used for information disclosure.

5.9CVSS5.4AI score0.00453EPSS

CVE•added 2018/12/06 11:29 p.m.•38 views

CVE-2018-16599

An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds memory access during parsing of NBNS packets in prvTreatNBNS can be used for information disclosure.

5.9CVSS5.4AI score0.00453EPSS

CVE•added 2018/12/06 11:29 p.m.•37 views

CVE-2018-16526

Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow remote attackers to leak information or execute arbitrary code because of a Buffer Overflow during generation of a protocol checksum in usGene...

8.1CVSS8.2AI score0.06571EPSS

CVE•added 2018/12/06 11:29 p.m.•37 views

CVE-2018-16601

An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. A crafted IP header triggers a full memory space copy in prvProcessIPPacket, leading to denial of service and possibly r...

8.1CVSS8.2AI score0.03466EPSS

CVE•added 2018/12/06 11:29 p.m.•36 views

CVE-2018-16524

5.9CVSS5.5AI score0.00453EPSS

CVE•added 2018/12/06 11:29 p.m.•36 views

CVE-2018-16602

An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds memory access during parsing of DHCP responses in prvProcessDHCPReplies can be used for information disclo...

5.9CVSS5.4AI score0.00453EPSS

CVE•added 2023/11/21 6:15 p.m.•36 views

CVE-2021-27504

Texas Instruments devices running FREERTOS, malloc returns a validpointer to a small buffer on extremely large values, which can triggeran integer overflow vulnerability in 'malloc' for FreeRTOS, resulting incode execution.

7.8CVSS8.1AI score0.00124EPSS

CVE•added 2018/12/06 11:29 p.m.•33 views

CVE-2018-16603

An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds access to TCP source and destination port fields in xProcessReceivedTCPPacket can leak data back to an att...

5.9CVSS5.6AI score0.00453EPSS

CVE•added 2018/12/06 11:29 p.m.•32 views

CVE-2018-16525

Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow remote attackers to execute arbitrary code or leak information because of a Buffer Overflow during parsing of DNS\LLMNR packets in prvParseDNS...

8.1CVSS8.3AI score0.08281EPSS