Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CVE-2018-16525: FreeRTOS TCP/IP #68

Open
senier opened this issue Dec 23, 2020 · 1 comment
Open

CVE-2018-16525: FreeRTOS TCP/IP #68

senier opened this issue Dec 23, 2020 · 1 comment
Labels
DNS Exposure of Sensitive Information LLMNR Missing Length Check OSS Remote Code Execution UDP

Comments

@senier
Copy link
Member

senier commented Dec 23, 2020
edited
Loading

Description

DNS/LLMNR memory corruption/information leak

Root cause

Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow remote attackers to execute arbitrary code or leak information because of a Buffer Overflow during parsing of DNS\LLMNR packets in prvParseDNSReply.

Software

Name

FreeRTOS

Versions affected

1.3.1-10.0.1

Links
@senier senier added the OSS label Jan 29, 2021
@senier senier added the UDP label Apr 30, 2021
@senier
Copy link
Member Author

senier commented May 2, 2021

Added example for the first vulnerability based on xDataLength. The DNS vulnerability is out of scope for now.

senier pushed a commit that referenced this issue May 2, 2021
Add reproducer
1f8e4ee 
Ref. #68
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
DNS Exposure of Sensitive Information LLMNR Missing Length Check OSS Remote Code Execution UDP
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@senier