Vendor CVEs
FreeRTOS
All CVEs
27 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-7426 | Hig | 0.46 | 8.1 | 0.00 | Apr 29, 2026 | Insufficient validation of the prefix length field in IPv6 Router Advertisement processing in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 allows an adjacent network actor to cause memory corruption by sending a crafted Router Advertisement with a prefix length value exceeding the… | ||
| CVE-2026-7424 | Hig | 0.46 | 8.1 | 0.00 | Apr 29, 2026 | Integer underflow in the DHCPv6 sub-option parser in FreeRTOS-Plus-TCP before V4.4.1 and V4.2.6 allows an adjacent network actor to corrupt the device's IPv6 address assignment, DNS configuration, and lease times, and to cause a denial of service (permanent IP task freeze… | ||
| CVE-2026-8686 | Hig | 0.42 | 7.5 | 0.00 | May 15, 2026 | Missing bounds validation in the MQTT v5.0 property parser in coreMQTT before 5.0.1 allows an MQTT broker to cause a denial of service by sending a crafted packet. To remediate this issue, users should upgrade to v5.0.1. | ||
| CVE-2025-5688 | Hig | 0.42 | — | 0.00 | Jun 4, 2025 | We have identified a buffer overflow issue allowing out-of-bounds write when processing LLMNR or mDNS queries with very long DNS names. This issue only affects systems using Buffer Allocation Scheme 1 with LLMNR or mDNS enabled. Users should upgrade to the latest version and… | ||
| CVE-2026-7425 | Med | 0.35 | 6.5 | 0.00 | Apr 29, 2026 | Insufficient option length validation in the IPv6 Router Advertisement parser in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 allows an adjacent network actor to cause a denial of service (device crash) by sending a crafted Router Advertisement with a truncated PREFIX_INFORMATION… | ||
| CVE-2026-7422 | Med | 0.35 | 6.5 | 0.00 | Apr 29, 2026 | Insufficient packet validation in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 allows an adjacent network actor to bypass all checksum and minimum-size validation by spoofing the Ethernet source MAC address to match one of the device's own registered endpoints, because the… | ||
| CVE-2026-7423 | Med | 0.27 | 5.3 | 0.00 | Apr 29, 2026 | Integer underflow in the ICMP and ICMPv6 echo reply handlers in FreeRTOS-Plus-TCP before V4.4.1 and V4.2.6 allows an adjacent network user to cause a denial of service (device crash) when outgoing ping support is enabled, because header sizes are subtracted from a packet length… | ||
| CVE-2018-16526 | 0.01 | — | 0.04 | Dec 6, 2018 | Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow remote attackers to leak information or execute arbitrary code because of a Buffer Overflow during generation of a… | |||
| CVE-2018-16525 | 0.01 | — | 0.04 | Dec 6, 2018 | Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow remote attackers to execute arbitrary code or leak information because of a Buffer Overflow during parsing of DNS\LLMNR… | |||
| CVE-2025-11618 | 0.00 | — | 0.00 | Oct 10, 2025 | A missing validation check in FreeRTOS-Plus-TCP's UDP/IPv6 packet processing code can lead to an invalid pointer dereference when receiving a UDP/IPv6 packet with an incorrect IP version field in the packet header. This issue only affects applications using IPv6. We recommend… | |||
| CVE-2025-11617 | 0.00 | — | 0.00 | Oct 10, 2025 | A missing validation check in FreeRTOS-Plus-TCP's IPv6 packet processing code can lead to an out-of-bounds read when receiving a IPv6 packet with incorrect payload lengths in the packet header. This issue only affects applications using IPv6. We recommend users upgrade to the… | |||
| CVE-2025-11616 | 0.00 | — | 0.00 | Oct 10, 2025 | A missing validation check in FreeRTOS-Plus-TCP's ICMPv6 packet processing code can lead to an out-of-bounds read when receiving ICMPv6 packets of certain message types which are smaller than the expected size. These issues only affect applications using IPv6. Users should… | |||
| CVE-2024-38373 | 0.00 | — | 0.01 | Jun 24, 2024 | FreeRTOS-Plus-TCP is a lightweight TCP/IP stack for FreeRTOS. FreeRTOS-Plus-TCP versions 4.0.0 through 4.1.0 contain a buffer over-read issue in the DNS Response Parser when parsing domain names in a DNS response. A carefully crafted DNS response with domain name length value… | |||
| CVE-2024-28115 | 0.00 | — | 0.00 | Mar 7, 2024 | FreeRTOS is a real-time operating system for microcontrollers. FreeRTOS Kernel versions through 10.6.1 do not sufficiently protect against local privilege escalation via Return Oriented Programming techniques should a vulnerability exist that allows code injection and execution.… | |||
| CVE-2021-27504 | 0.00 | — | 0.00 | Nov 21, 2023 | Texas Instruments devices running FREERTOS, malloc returns a valid pointer to a small buffer on extremely large values, which can trigger an integer overflow vulnerability in 'malloc' for FreeRTOS, resulting in code execution. | |||
| CVE-2021-43997 | 0.00 | — | 0.00 | Nov 17, 2021 | FreeRTOS versions 10.2.0 through 10.4.5 do not prevent non-kernel code from calling the xPortRaisePrivilege internal function to raise privilege. FreeRTOS versions through 10.4.6 do not prevent a third party that has already independently gained the ability to execute injected… | |||
| CVE-2021-31572 | 0.00 | — | 0.01 | Apr 22, 2021 | The kernel in Amazon Web Services FreeRTOS before 10.4.3 has an integer overflow in stream_buffer.c for a stream buffer. | |||
| CVE-2019-18178 | 0.00 | — | 0.01 | Nov 4, 2019 | Real Time Engineers FreeRTOS+FAT 160919a has a use after free. The function FF_Close() is defined in ff_file.c. The file handler pxFile is freed by ffconfigFREE, which (by default) is a macro definition of vPortFree(), but it is reused to flush modified file content from the… | |||
| CVE-2019-13120 | 0.00 | — | 0.01 | Oct 7, 2019 | Amazon FreeRTOS up to and including v1.4.8 lacks length checking in prvProcessReceivedPublish, resulting in untargetable leakage of arbitrary memory contents on a device to an attacker. If an attacker has the authorization to send a malformed MQTT publish packet to an Amazon IoT… | |||
| CVE-2018-16601 | 0.00 | — | 0.04 | Dec 6, 2018 | An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. A crafted IP header triggers a full memory space copy in prvProcessIPPacket, leading to denial of… | |||
| CVE-2018-16598 | 0.00 | — | 0.02 | Dec 6, 2018 | An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. In xProcessReceivedUDPPacket and prvParseDNSReply, any received DNS response is accepted, without… | |||
| CVE-2018-16524 | 0.00 | — | 0.02 | Dec 6, 2018 | Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow information disclosure during parsing of TCP options in prvCheckOptions. | |||
| CVE-2018-16600 | 0.00 | — | 0.02 | Dec 6, 2018 | An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds memory access during parsing of ARP packets in eARPProcessPacket can be used for… | |||
| CVE-2018-16527 | 0.00 | — | 0.02 | Dec 6, 2018 | Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow information disclosure during parsing of ICMP packets in prvProcessICMPPacket. | |||
| CVE-2018-16602 | 0.00 | — | 0.02 | Dec 6, 2018 | An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds memory access during parsing of DHCP responses in prvProcessDHCPReplies can be used… | |||
| CVE-2018-16523 | 0.00 | — | 0.02 | Dec 6, 2018 | Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow division by zero in prvCheckOptions. | |||
| CVE-2018-16599 | 0.00 | — | 0.02 | Dec 6, 2018 | An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds memory access during parsing of NBNS packets in prvTreatNBNS can be used for… |
- risk 0.46cvss 8.1epss 0.00
Insufficient validation of the prefix length field in IPv6 Router Advertisement processing in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 allows an adjacent network actor to cause memory corruption by sending a crafted Router Advertisement with a prefix length value exceeding the…
- risk 0.46cvss 8.1epss 0.00
Integer underflow in the DHCPv6 sub-option parser in FreeRTOS-Plus-TCP before V4.4.1 and V4.2.6 allows an adjacent network actor to corrupt the device's IPv6 address assignment, DNS configuration, and lease times, and to cause a denial of service (permanent IP task freeze…
- risk 0.42cvss 7.5epss 0.00
Missing bounds validation in the MQTT v5.0 property parser in coreMQTT before 5.0.1 allows an MQTT broker to cause a denial of service by sending a crafted packet. To remediate this issue, users should upgrade to v5.0.1.
- risk 0.42cvss —epss 0.00
We have identified a buffer overflow issue allowing out-of-bounds write when processing LLMNR or mDNS queries with very long DNS names. This issue only affects systems using Buffer Allocation Scheme 1 with LLMNR or mDNS enabled. Users should upgrade to the latest version and…
- risk 0.35cvss 6.5epss 0.00
Insufficient option length validation in the IPv6 Router Advertisement parser in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 allows an adjacent network actor to cause a denial of service (device crash) by sending a crafted Router Advertisement with a truncated PREFIX_INFORMATION…
- risk 0.35cvss 6.5epss 0.00
Insufficient packet validation in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 allows an adjacent network actor to bypass all checksum and minimum-size validation by spoofing the Ethernet source MAC address to match one of the device's own registered endpoints, because the…
- risk 0.27cvss 5.3epss 0.00
Integer underflow in the ICMP and ICMPv6 echo reply handlers in FreeRTOS-Plus-TCP before V4.4.1 and V4.2.6 allows an adjacent network user to cause a denial of service (device crash) when outgoing ping support is enabled, because header sizes are subtracted from a packet length…
- CVE-2018-16526Dec 6, 2018risk 0.01cvss —epss 0.04
Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow remote attackers to leak information or execute arbitrary code because of a Buffer Overflow during generation of a…
- CVE-2018-16525Dec 6, 2018risk 0.01cvss —epss 0.04
Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow remote attackers to execute arbitrary code or leak information because of a Buffer Overflow during parsing of DNS\LLMNR…
- CVE-2025-11618Oct 10, 2025risk 0.00cvss —epss 0.00
A missing validation check in FreeRTOS-Plus-TCP's UDP/IPv6 packet processing code can lead to an invalid pointer dereference when receiving a UDP/IPv6 packet with an incorrect IP version field in the packet header. This issue only affects applications using IPv6. We recommend…
- CVE-2025-11617Oct 10, 2025risk 0.00cvss —epss 0.00
A missing validation check in FreeRTOS-Plus-TCP's IPv6 packet processing code can lead to an out-of-bounds read when receiving a IPv6 packet with incorrect payload lengths in the packet header. This issue only affects applications using IPv6. We recommend users upgrade to the…
- CVE-2025-11616Oct 10, 2025risk 0.00cvss —epss 0.00
A missing validation check in FreeRTOS-Plus-TCP's ICMPv6 packet processing code can lead to an out-of-bounds read when receiving ICMPv6 packets of certain message types which are smaller than the expected size. These issues only affect applications using IPv6. Users should…
- CVE-2024-38373Jun 24, 2024risk 0.00cvss —epss 0.01
FreeRTOS-Plus-TCP is a lightweight TCP/IP stack for FreeRTOS. FreeRTOS-Plus-TCP versions 4.0.0 through 4.1.0 contain a buffer over-read issue in the DNS Response Parser when parsing domain names in a DNS response. A carefully crafted DNS response with domain name length value…
- CVE-2024-28115Mar 7, 2024risk 0.00cvss —epss 0.00
FreeRTOS is a real-time operating system for microcontrollers. FreeRTOS Kernel versions through 10.6.1 do not sufficiently protect against local privilege escalation via Return Oriented Programming techniques should a vulnerability exist that allows code injection and execution.…
- CVE-2021-27504Nov 21, 2023risk 0.00cvss —epss 0.00
Texas Instruments devices running FREERTOS, malloc returns a valid pointer to a small buffer on extremely large values, which can trigger an integer overflow vulnerability in 'malloc' for FreeRTOS, resulting in code execution.
- CVE-2021-43997Nov 17, 2021risk 0.00cvss —epss 0.00
FreeRTOS versions 10.2.0 through 10.4.5 do not prevent non-kernel code from calling the xPortRaisePrivilege internal function to raise privilege. FreeRTOS versions through 10.4.6 do not prevent a third party that has already independently gained the ability to execute injected…
- CVE-2021-31572Apr 22, 2021risk 0.00cvss —epss 0.01
The kernel in Amazon Web Services FreeRTOS before 10.4.3 has an integer overflow in stream_buffer.c for a stream buffer.
- CVE-2019-18178Nov 4, 2019risk 0.00cvss —epss 0.01
Real Time Engineers FreeRTOS+FAT 160919a has a use after free. The function FF_Close() is defined in ff_file.c. The file handler pxFile is freed by ffconfigFREE, which (by default) is a macro definition of vPortFree(), but it is reused to flush modified file content from the…
- CVE-2019-13120Oct 7, 2019risk 0.00cvss —epss 0.01
Amazon FreeRTOS up to and including v1.4.8 lacks length checking in prvProcessReceivedPublish, resulting in untargetable leakage of arbitrary memory contents on a device to an attacker. If an attacker has the authorization to send a malformed MQTT publish packet to an Amazon IoT…
- CVE-2018-16601Dec 6, 2018risk 0.00cvss —epss 0.04
An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. A crafted IP header triggers a full memory space copy in prvProcessIPPacket, leading to denial of…
- CVE-2018-16598Dec 6, 2018risk 0.00cvss —epss 0.02
An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. In xProcessReceivedUDPPacket and prvParseDNSReply, any received DNS response is accepted, without…
- CVE-2018-16524Dec 6, 2018risk 0.00cvss —epss 0.02
Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow information disclosure during parsing of TCP options in prvCheckOptions.
- CVE-2018-16600Dec 6, 2018risk 0.00cvss —epss 0.02
An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds memory access during parsing of ARP packets in eARPProcessPacket can be used for…
- CVE-2018-16527Dec 6, 2018risk 0.00cvss —epss 0.02
Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow information disclosure during parsing of ICMP packets in prvProcessICMPPacket.
- CVE-2018-16602Dec 6, 2018risk 0.00cvss —epss 0.02
An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds memory access during parsing of DHCP responses in prvProcessDHCPReplies can be used…
- CVE-2018-16523Dec 6, 2018risk 0.00cvss —epss 0.02
Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow division by zero in prvCheckOptions.
- CVE-2018-16599Dec 6, 2018risk 0.00cvss —epss 0.02
An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds memory access during parsing of NBNS packets in prvTreatNBNS can be used for…