CVE-2018-16528

Name of the Vulnerable Software and Affected Versions Amazon Web Services (AWS) FreeRTOS versions prior to 1.3.2

Description The issue allows remote attackers to execute arbitrary code due to mbedTLS context object corruption in the prvSetupConnection and GGD SecureConnect Connect functions within AWS TLS connectivity modules.

Recommendations For versions prior to 1.3.2, update to version 1.3.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of the AWS TLS connectivity modules until a patch is available.