Buffer Overflow Vulnerability in FreeRTOS and WITTENSTEIN WHIS Connect
CVE-2018-16526

8.1HIGH

Key Information:

Vendor

Amazon

Status
Amazon Web Services Freertos
Freertos
Vendor
CVE Published:
6 December 2018

What is CVE-2018-16526?

A buffer overflow vulnerability exists in Amazon Web Services (AWS) FreeRTOS and WITTENSTEIN WHIS Connect middleware that could be exploited by remote attackers. The issue arises during the generation of a protocol checksum in the functions usGenerateProtocolChecksum and prvProcessIPPacket. Successful exploitation of this vulnerability may allow an attacker to leak sensitive information or execute arbitrary code, potentially compromising the system's integrity and availability. It's crucial for users to assess their implementations and apply appropriate patches to mitigate risks associated with this vulnerability.

References

https://github.com/aws/amazon-freertos/blob/v1.3.2/CHANGE...
x_refsource_CONFIRM
https://blog.zimperium.com/freertos-tcpip-stack-vulnerabi...
x_refsource_MISC
https://blog.zimperium.com/freertos-tcpip-stack-vulnerabi...
x_refsource_MISC

EPSS Score

6% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.