CVE-2018-16598

Name of the Vulnerable Software and Affected Versions Amazon Web Services (AWS) FreeRTOS versions through 1.3.1 FreeRTOS versions up to V10.0.1 WITTENSTEIN WHIS Connect middleware TCP/IP component (affected versions not specified)

Description The issue allows any received DNS response to be accepted without confirming it matches a sent DNS request. This is due to the functions xProcessReceivedUDPPacket and prvParseDNSReply not properly validating DNS responses.

Recommendations For Amazon Web Services (AWS) FreeRTOS versions through 1.3.1, update to a version that includes the necessary patches to validate DNS responses. For FreeRTOS versions up to V10.0.1, update to a version that includes the necessary patches to validate DNS responses. For WITTENSTEIN WHIS Connect middleware TCP/IP component, at the moment, there is no information about a newer version that contains a fix for this issue.