CVE-2018-16524: FreeRTOS TCP/IP

# Description

> Each one of the TCP option handlers can access data out of bounds, and in some cases an attacker can get this data back (thus leaking information).

# Root cause

> Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow information disclosure during parsing of TCP options in prvCheckOptions. 

# Software

## Name

FreeRTOS

## Versions affected

1.3.1 - 10.0.1

# Links
- [CVE Entry](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16524)
- [In-depth analysis](https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-details/)


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

CVE-2018-16524: FreeRTOS TCP/IP #71

Description

Root cause

Software

Name

Versions affected

Links

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

CVE-2018-16524: FreeRTOS TCP/IP #71

Description

Description

Root cause

Software

Name

Versions affected

Links

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions