CVE-2018-16603

Name of the Vulnerable Software and Affected Versions Amazon Web Services (AWS) FreeRTOS versions through 1.3.1 FreeRTOS versions up to 10.0.1 WITTENSTEIN WHIS Connect middleware TCP/IP component (affected versions not specified)

Description An issue in the affected software allows out of bounds access to TCP source and destination port fields in the xProcessReceivedTCPPacket function, potentially leaking data back to an attacker.

Recommendations For Amazon Web Services (AWS) FreeRTOS versions through 1.3.1, update to a version later than 1.3.1. For FreeRTOS versions up to 10.0.1, update to a version later than 10.0.1. For WITTENSTEIN WHIS Connect middleware TCP/IP component, at the moment, there is no information about a newer version that contains a fix for this issue.