CVE-2018-16525: Buffer Overflow
First published: Thu Dec 06 2018(Updated: )
Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow remote attackers to execute arbitrary code or leak information because of a Buffer Overflow during parsing of DNS\LLMNR packets in prvParseDNSReply.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Amazon Amazon Web Services Freertos | <=1.3.1 | |
| Amazon Freertos | <=10.0.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2018-16525.
What is the severity of CVE-2018-16525?
The severity of CVE-2018-16525 is high with a CVSS score of 8.1.
What software is affected by CVE-2018-16525?
Amazon Web Services (AWS) FreeRTOS through 1.3.1 and FreeRTOS up to V10.0.1 (with FreeRTOS+TCP) are affected by CVE-2018-16525.
How can remote attackers exploit CVE-2018-16525?
Remote attackers can exploit CVE-2018-16525 by executing arbitrary code or leaking information through a Buffer Overflow during parsing of DNS/LLMNR packets in prvParseDNSR.
Are there any patches or fixes available for CVE-2018-16525?
Yes, patches and fixes are available for CVE-2018-16525. Please refer to the references for more information.
- collector/nvd-index
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/type
- agent/event
- agent/description
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/amazon
- canonical/amazon amazon web services freertos
- version/amazon amazon web services freertos/1.3.1
- canonical/amazon freertos
- version/amazon freertos/10.0.1