CVE-2018-16527: FreeRTOS TCP/IP

# Description

prvProcessICMPPacket doesn’t validate that the received frame is large enough to be an ICMP packet, and can access fields from this packet out of bounds.

# Root cause

Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow information disclosure during parsing of ICMP packets in prvProcessICMPPacket.

# Software

## Name

[FreeRTOS-Plus-TCP](https://github.com/FreeRTOS/FreeRTOS-Plus-TCP.git)

## Versions affected

< 2.0.7

## Fix

https://github.com/FreeRTOS/FreeRTOS-Plus-TCP/commit/b95fdc3e023c8651fb3ae65e4453710853a23bce

# Exploit

https://github.com/Componolit/systematization-binary-vulnerabilities/blob/master/examples/src/vuln_75.c

# Links
- [CVE Entry](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16527)
- [In-depth analysis](https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-details/)


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

CVE-2018-16527: FreeRTOS TCP/IP #75

Description

Root cause

Software

Name

Versions affected

Fix

Exploit

Links

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

CVE-2018-16527: FreeRTOS TCP/IP #75

Description

Description

Root cause

Software

Name

Versions affected

Fix

Exploit

Links

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions