Out of Bounds Memory Access in AWS FreeRTOS and WITTENSTEIN WHIS Connect
CVE-2018-16602

5.9MEDIUM

Key Information:

Vendor

Amazon

Status
Amazon Web Services Freertos
Freertos
Vendor
CVE Published:
6 December 2018

What is CVE-2018-16602?

A vulnerability in Amazon Web Services (AWS) FreeRTOS and WITTENSTEIN WHIS Connect has been identified, where out of bounds memory access occurs during the parsing of DHCP responses in the prvProcessDHCPReplies function. This issue allows for potential information disclosure, making it a concern for devices utilizing these software solutions. The problem is present in AWS FreeRTOS versions up to 1.3.1 and FreeRTOS up to V10.0.1 that includes FreeRTOS+TCP functionality, as well as within the WITTENSTEIN WHIS Connect middleware. Users are advised to review updates and patch their systems accordingly.

References

https://github.com/aws/amazon-freertos/blob/v1.3.2/CHANGE...
x_refsource_CONFIRM
https://blog.zimperium.com/freertos-tcpip-stack-vulnerabi...
x_refsource_MISC
https://blog.zimperium.com/freertos-tcpip-stack-vulnerabi...
x_refsource_MISC

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.