Invalid Pointer Dereference when receiving UDP/IPv6 packets in FreeRTOS-Plus-TCP

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Description

A missing validation check in FreeRTOS-Plus-TCP's UDP/IPv6 packet processing code can lead to an invalid pointer dereference when receiving a UDP/IPv6 packet with an incorrect IP version field in the packet header. This issue only affects applications using IPv6.

We recommend upgrading to the latest version and ensure any forked or derivative code is patched to incorporate the new fixes.

Basic Information

ID CVE-2025-11618

Source AMZN

Published Oct 10, 2025 at 17:10

Modified Oct 10, 2025 at 17:33

Affected Product

Vendor AWS

Product FreeRTOS-Plus-TCP

Version 4.0.0

Affected Versions AWS FreeRTOS-Plus-TCP 4.0.0

CWE Classification

CWE-476

References

{
    "lastseen": "",
    "description": "A missing validation check in FreeRTOS-Plus-TCP's UDP/IPv6 packet processing code can lead to an invalid pointer dereference when receiving a UDP/IPv6 packet with an incorrect IP version field in the packet header.\u00a0This issue only affects applications using IPv6.\n\nWe recommend upgrading to the latest version and ensure any forked or derivative code is patched to incorporate the new fixes.",
    "published": "2025-10-10T17:10:34.267Z",
    "modified": "2025-10-10T17:33:29.903Z",
    "type": "cve",
    "title": "Invalid Pointer Dereference when receiving UDP/IPv6 packets in FreeRTOS-Plus-TCP",
    "source": "AMZN",
    "references": "https://github.com/FreeRTOS/FreeRTOS-Plus-TCP/releases/tag/V4.3.4\nhttps://aws.amazon.com/security/security-bulletins/AWS-2025-023/\nhttps://github.com/FreeRTOS/FreeRTOS-Plus-TCP/security/advisories/GHSA-6fh9-mqxj-hmwj",
    "id": "CVE-2025-11618",
    "bulletinFamily": "",
    "cwe": [
        "CWE-476"
    ],
    "cvelist": null,
    "sourceData": "AWS FreeRTOS-Plus-TCP 4.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "FreeRTOS-Plus-TCP",
    "version": "4.0.0",
    "vendor": "AWS",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Invalid Pointer Dereference when receiving UDP/IPv6 packets in FreeRTOS-Plus-TCP_CVE-2025-11618