What is the severity of CVE-2018-16603?

CVE-2018-16603 has been classified with a high severity due to out-of-bounds access that could lead to data leakage.

How do I fix CVE-2018-16603?

To fix CVE-2018-16603, upgrade to AWS FreeRTOS version 1.3.2 or later, or FreeRTOS version 10.0.2 or later.

What types of software are affected by CVE-2018-16603?

CVE-2018-16603 affects AWS FreeRTOS versions up to 1.3.1 and FreeRTOS versions up to 10.0.1 that include the FreeRTOS+TCP component.

What is the potential impact of CVE-2018-16603?

The potential impact of CVE-2018-16603 includes unauthorized data leakage through TCP packet handling.

Is CVE-2018-16603 being actively exploited?

There have been no reported instances of CVE-2018-16603 being actively exploited in the wild, but it is recommended to patch the vulnerability as a precaution.

Vulnerability/
CVE-2018-16603

medium

5.9

CWE

200

6/12/2018

5/8/2024

CVE-2018-16603: Infoleak

First published: Thu Dec 06 2018(Updated: )

An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds access to TCP source and destination port fields in xProcessReceivedTCPPacket can leak data back to an attacker.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Amazon Amazon Web Services Freertos	<=1.3.1
Amazon Freertos	<=10.0.1

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2018-16603?
CVE-2018-16603 has been classified with a high severity due to out-of-bounds access that could lead to data leakage.
How do I fix CVE-2018-16603?
To fix CVE-2018-16603, upgrade to AWS FreeRTOS version 1.3.2 or later, or FreeRTOS version 10.0.2 or later.
What types of software are affected by CVE-2018-16603?
CVE-2018-16603 affects AWS FreeRTOS versions up to 1.3.1 and FreeRTOS versions up to 10.0.1 that include the FreeRTOS+TCP component.
What is the potential impact of CVE-2018-16603?
The potential impact of CVE-2018-16603 includes unauthorized data leakage through TCP packet handling.
Is CVE-2018-16603 being actively exploited?
There have been no reported instances of CVE-2018-16603 being actively exploited in the wild, but it is recommended to patch the vulnerability as a precaution.

collector/nvd-index
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/weakness
agent/last-modified-date
agent/author
agent/severity
agent/references
agent/description
agent/first-publish-date
agent/tags
agent/event
agent/source
vendor/amazon
canonical/amazon amazon web services freertos
version/amazon amazon web services freertos/1.3.1
canonical/amazon freertos
version/amazon freertos/10.0.1

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

Frequently Asked Questions

What is the severity of CVE-2018-16603?
CVE-2018-16603 has been classified with a high severity due to out-of-bounds access that could lead to data leakage.
How do I fix CVE-2018-16603?
To fix CVE-2018-16603, upgrade to AWS FreeRTOS version 1.3.2 or later, or FreeRTOS version 10.0.2 or later.
What types of software are affected by CVE-2018-16603?
CVE-2018-16603 affects AWS FreeRTOS versions up to 1.3.1 and FreeRTOS versions up to 10.0.1 that include the FreeRTOS+TCP component.
What is the potential impact of CVE-2018-16603?
The potential impact of CVE-2018-16603 includes unauthorized data leakage through TCP packet handling.
Is CVE-2018-16603 being actively exploited?
There have been no reported instances of CVE-2018-16603 being actively exploited in the wild, but it is recommended to patch the vulnerability as a precaution.