Integer Underflow in FreeRTOS-Plus-TCP Affects Network Functionality
CVE-2026-7423

6 MEDIUM

Key Information:

Vendor

AWS
CVE Published:
29 April 2026

What is CVE-2026-7423?

The vulnerability stems from an integer underflow in the ICMP and ICMPv6 echo reply handlers of FreeRTOS-Plus-TCP. The handlers subtract the header size from the packet length field without first checking that the field is at least as large as the header. A crafted echo reply whose length field is smaller than the header makes the subtraction wrap to a value close to the maximum of the 16-bit field (hence the roughly 65 KB bound), and the handler then treats that value as the payload length and reads past the end of the heap buffer holding the packet. The result is a heap out-of-bounds read of up to approximately 65 KB, which crashes the device. The code is only reachable when outgoing ping support is enabled (the ipconfigSUPPORT_OUTGOING_PINGS option in FreeRTOSIPConfig.h), and the attacker needs to deliver an echo reply to the device, so the attack vector is the adjacent network; no authentication or user interaction is required. The impact is denial of service only, with no confidentiality or integrity loss. Upgrade to V4.4.1 (for the 4.3.x and 4.4.x line) or V4.2.6 (for releases before 4.3.0) or later. Where an upgrade is not immediately possible, disabling outgoing ping support removes the vulnerable code path.
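The unchecked-subtraction pattern described above, shown as an added example in C. This is not FreeRTOS-Plus-TCP's own code: the header layout, function names, result codes and the sample packet are all constructed for this illustration. The first function reproduces the vulnerable arithmetic (a 16-bit length field minus an 8-byte header with no lower-bound check), and the second shows the hardened form that rejects a short length field before subtracting and also bounds the result by the number of bytes actually received, so a hostile length field can never move the payload comparison outside the buffer.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed 8-byte ICMP echo header (type, code, checksum, id, seq). The layout
 * follows RFC 792 echo messages, but the names here are this example's own. */
#define ICMP_ECHO_HEADER_SIZE 8u
#define ICMP_TYPE_ECHO_REPLY  0u

/* Vulnerable pattern: the 16-bit length field minus the header size, with no check
 * that the field is at least the header size. A field of 0..7 wraps to 65528..65535,
 * and an unpatched flow then uses that count to read the reply payload. */
uint16_t payload_len_unchecked(uint16_t ip_payload_len)
{
    return (uint16_t)(ip_payload_len - ICMP_ECHO_HEADER_SIZE);
}

/* Hardened form: refuse the packet before subtracting, and also refuse a length
 * field that claims more bytes than the buffer actually holds. Returns the payload
 * length, or -1 when the packet is rejected. */
int payload_len_checked(uint16_t ip_payload_len, size_t bytes_available)
{
    if (ip_payload_len < ICMP_ECHO_HEADER_SIZE) {
        return -1;                      /* would underflow */
    }
    if (ip_payload_len > bytes_available) {
        return -1;                      /* would read past the end of the buffer */
    }
    return (int)(ip_payload_len - ICMP_ECHO_HEADER_SIZE);
}

typedef enum {
    ECHO_REPLY_OK,
    ECHO_REPLY_BAD_LENGTH,
    ECHO_REPLY_NOT_A_REPLY,
    ECHO_REPLY_MISMATCH
} echo_result_t;

/* Echo reply handler in the hardened style. `ip_payload_len` is the length the IP
 * header claims for the ICMP message; `frame_len` is how many bytes were really
 * received. Every length handed to memcmp is bounded by `frame_len` first. */
echo_result_t process_echo_reply(const uint8_t *frame, size_t frame_len,
                                 uint16_t ip_payload_len,
                                 const uint8_t *expected, size_t expected_len)
{
    int data_len;

    if (frame_len < ICMP_ECHO_HEADER_SIZE) {
        return ECHO_REPLY_BAD_LENGTH;
    }
    if (frame[0] != ICMP_TYPE_ECHO_REPLY) {
        return ECHO_REPLY_NOT_A_REPLY;
    }
    data_len = payload_len_checked(ip_payload_len, frame_len);
    if (data_len < 0) {
        return ECHO_REPLY_BAD_LENGTH;
    }
    if ((size_t)data_len != expected_len) {
        return ECHO_REPLY_MISMATCH;
    }
    /* data_len <= frame_len - header, so this compare stays inside the frame. */
    if (memcmp(frame + ICMP_ECHO_HEADER_SIZE, expected, (size_t)data_len) != 0) {
        return ECHO_REPLY_MISMATCH;
    }
    return ECHO_REPLY_OK;
}

/* Constructed sample: one echo reply carrying the 8-byte payload "ABCDEFGH". */
const uint8_t kSampleFrame[16] = {
    0x00, 0x00, 0x12, 0x34,            /* type=reply, code, checksum (not verified here) */
    0x00, 0x01, 0x00, 0x01,            /* id=1, seq=1 */
    'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H'
};
const uint8_t kSamplePayload[8] = { 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H' };

int main(void)
{
    /* A length field of 4 is smaller than the 8-byte header. */
    printf("unchecked: 4 - 8 wraps to %u bytes\n", payload_len_unchecked(4));
    printf("checked:   4 - 8 -> %d (rejected)\n",
           payload_len_checked(4, sizeof kSampleFrame));
    printf("valid reply -> %d (0 = ECHO_REPLY_OK)\n",
           (int)process_echo_reply(kSampleFrame, sizeof kSampleFrame, 16,
                                   kSamplePayload, sizeof kSamplePayload));
    return 0;
}
```

The second check in payload_len_checked is the one that matters in practice: an underflow check alone still trusts the length field, so a reply whose field is larger than the header but larger than the received frame would still read past the buffer. Bounding by the bytes actually received closes both cases.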

Affected Version(s)

FreeRTOS-Plus-TCP >= 4.0.0 and < 4.2.6 (fixed in 4.2.6)

FreeRTOS-Plus-TCP >= 4.3.0 and < 4.4.1 (fixed in 4.4.1)

FreeRTOS-Plus-TCP 4.2.6 (listed as affected on this page, although the description above names 4.2.6 as a fixed release; verify this entry against the vendor advisory before acting on it)


CVSS V4

Score:
6
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Attack Requirements:
Physical (as shown on this page; CVSS v4 defines only None and Present for this metric, so check the vector string in the NVD or vendor entry)
Privileges Required:
Undefined (as shown on this page; CVSS v4 defines None, Low and High, so check the vector string in the NVD or vendor entry)
User Interaction:
None

Timeline

  • Vulnerability Reserved

  • Vulnerability published: 29 April 2026