CVE Details
Basic Information
| Title | Out of Bounds Write in FreeRTOS-Plus-TCP |
|---|---|
| Type | cve |
| Published | 2025-06-04T17:09:54.718Z |
| Last Seen | |
Product Information
| Vendor | Amazon |
|---|---|
| Product | FreeRTOS |
| Version | 2.3.4 |
CVSS Information
| Base Score | 7.5 (HIGH) |
|---|---|
| Attack Vector | CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact | |
AI Analysis
| AI Description | A buffer overflow vulnerability in FreeRTOS-Plus-TCP allows out-of-bounds writes when handling long LLMNR or mDNS queries, potentially leading to system instability or code execution. This issue affects systems using Buffer Allocation Scheme 1 with LLMNR or mDNS enabled. Users should upgrade to the latest version and apply patches to forked or derivative code. |
|---|---|
| AI Severity | High |
| Vendor | Amazon |
| Product | FreeRTOS-Plus-TCP |
| Affected Version | 2.3.4 |
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-787 |
| Bulletin Family | |
| Source Data | Amazon FreeRTOS 2.3.4 |
Source Information
| Source Data | Amazon FreeRTOS 2.3.4 |
|---|---|
| Source Link | |
Description
We have identified a buffer overflow issue allowing an out-of-bounds write when processing LLMNR or mDNS queries with very long DNS names. This issue only affects systems using Buffer Allocation Scheme 1 with LLMNR or mDNS enabled.
Users should upgrade to the latest version and ensure any forked or derivative code is patched to incorporate the new fixes.