CVE-2018-16523: FreeRTOS TCP/IP

# Description

> The TCP_OPT_MSS handler also contains a DoS vulnerability. 

# Root cause

> Amazon  Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with  FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component  allow division by zero in prvCheckOptions.

> When recalculating the RxWindowLength, if an attacker supplies an MSS of 0, this line will divide by 0 thus raising an exception and causing a DoS.

# Software

## Name

FreeRTOS

## Versions affected

1.3.1 - 10.0.1

# Links
- [CVE Entry](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16523)
- [In-depth analysis](https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-details/)


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

CVE-2018-16523: FreeRTOS TCP/IP #70

Description

Root cause

Software

Name

Versions affected

Links

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

CVE-2018-16523: FreeRTOS TCP/IP #70

Description

Description

Root cause

Software

Name

Versions affected

Links

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions