First published: Thu Dec 06 2018
An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds memory access during parsing of DHCP responses in prvProcessDHCPReplies can be used for information disclosure.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Amazon Amazon Web Services Freertos | <=1.3.1 | |
Amazon Freertos | <=10.0.1 | |
The severity of CVE-2018-16602 is medium.
CVE-2018-16602 affects Amazon Web Services (AWS) FreeRTOS through version 1.3.1 and FreeRTOS up to version 10.0.1.
CVE-2018-16602 is triggered when prvProcessDHCPReplies parses a DHCP response and accesses memory out of bounds, which can lead to information disclosure.
Yes, a fix for CVE-2018-16602 is available. Please refer to the official changelog for Amazon FreeRTOS for more information.
You can find more information about CVE-2018-16602 in the following references: [Zimperium Blog](https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-details/), [Zimperium Blog](https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-range-devices-risk-compromise-smart-homes-critical-infrastructure-systems/), [GitHub Changelog](https://github.com/aws/amazon-freertos/blob/v1.3.2/CHANGELOG.md).