CVE-2018-16602: FreeRTOS TCP/IP

# Description

The prvProcessDHCPReplies function doesn’t validate that a packet is large enough to be a valid DHCP packet.

# Root cause

An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds memory access during parsing of DHCP responses in prvProcessDHCPReplies can be used for information disclosure. 

# Software

## Name

FreeRTOS

## Versions affected

1.3.1 - 10.0.1

# Links
- [CVE Entry](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16602)
- [In-depth analysis](https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-details/)


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

CVE-2018-16602: FreeRTOS TCP/IP #73

Description

Root cause

Software

Name

Versions affected

Links

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

CVE-2018-16602: FreeRTOS TCP/IP #73

Description

Description

Root cause

Software

Name

Versions affected

Links

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions