Ori Karliner

**Name of the Vulnerable Software and Affected Versions** Amazon Web Services (AWS) FreeRTOS versions prior to 1.3.2 **Description** The issue is related to an uninitialized pointer free in the SOCKETS SetSockOpt function. **Recommendations** For versions prior to 1.3.2, update to version 1.3.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Amazon Web Services (AWS) FreeRTOS versions through 1.3.1 FreeRTOS versions up to 10.0.1 WITTENSTEIN WHIS Connect middleware TCP/IP component (affected versions not specified) **Description** The issue allows division by zero in `prvCheckOptions()`. **Recommendations** For Amazon Web Services (AWS) FreeRTOS versions through 1.3.1, update to a version later than 1.3.1. For FreeRTOS versions up to 10.0.1, update to a version later than 10.0.1. For WITTENSTEIN WHIS Connect middleware TCP/IP component, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Amazon Web Services (AWS) FreeRTOS versions through 1.3.1 FreeRTOS versions up to 10.0.1 WITTENSTEIN WHIS Connect middleware TCP/IP component (affected versions not specified) **Description** The issue allows information disclosure during the parsing of TCP options in the `prvCheckOptions` function. **Recommendations** For Amazon Web Services (AWS) FreeRTOS versions through 1.3.1, update to a version later than 1.3.1 to resolve the issue. For FreeRTOS versions up to 10.0.1, update to a version later than 10.0.1 to resolve the issue. For WITTENSTEIN WHIS Connect middleware TCP/IP component, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Amazon Web Services (AWS) FreeRTOS versions through 1.3.1 FreeRTOS versions up to 10.0.1 WITTENSTEIN WHIS Connect middleware TCP/IP component (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary code or leak information due to a Buffer Overflow that occurs during the parsing of DNS/LLMNR packets in the `prvParseDNSReply` function. **Recommendations** For Amazon Web Services (AWS) FreeRTOS versions through 1.3.1, update to a version later than 1.3.1 to resolve the issue. For FreeRTOS versions up to 10.0.1, update to a version later than 10.0.1 to resolve the issue. For WITTENSTEIN WHIS Connect middleware TCP/IP component, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Amazon Web Services (AWS) FreeRTOS versions through 1.3.1 FreeRTOS versions up to 10.0.1 WITTENSTEIN WHIS Connect middleware TCP/IP component (affected versions not specified) **Description** The issue allows remote attackers to leak information or execute arbitrary code due to a Buffer Overflow. This occurs during the generation of a protocol checksum in `usGenerateProtocolChecksum` and `prvProcessIPPacket`. **Recommendations** For Amazon Web Services (AWS) FreeRTOS versions through 1.3.1, update to a version later than 1.3.1 to resolve the issue. For FreeRTOS versions up to 10.0.1, update to a version later than 10.0.1 to resolve the issue. For WITTENSTEIN WHIS Connect middleware TCP/IP component, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Amazon Web Services (AWS) FreeRTOS versions through 1.3.1 FreeRTOS versions up to 10.0.1 WITTENSTEIN WHIS Connect middleware TCP/IP component (affected versions not specified) **Description** The issue allows information disclosure during the parsing of ICMP packets in the `prvProcessICMPPacket` function. **Recommendations** For Amazon Web Services (AWS) FreeRTOS versions through 1.3.1, update to a version later than 1.3.1 to resolve the issue. For FreeRTOS versions up to 10.0.1, update to a version later than 10.0.1 to resolve the issue. For WITTENSTEIN WHIS Connect middleware TCP/IP component, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Amazon Web Services (AWS) FreeRTOS versions prior to 1.3.2 **Description** The issue allows remote attackers to execute arbitrary code due to mbedTLS context object corruption in the `prvSetupConnection` and `GGD SecureConnect Connect` functions within AWS TLS connectivity modules. **Recommendations** For versions prior to 1.3.2, update to version 1.3.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of the AWS TLS connectivity modules until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Amazon Web Services (AWS) FreeRTOS versions through 1.3.1 FreeRTOS versions up to V10.0.1 WITTENSTEIN WHIS Connect middleware TCP/IP component (affected versions not specified) **Description** The issue allows any received DNS response to be accepted without confirming it matches a sent DNS request. This is due to the functions `xProcessReceivedUDPPacket` and `prvParseDNSReply` not properly validating DNS responses. **Recommendations** For Amazon Web Services (AWS) FreeRTOS versions through 1.3.1, update to a version that includes the necessary patches to validate DNS responses. For FreeRTOS versions up to V10.0.1, update to a version that includes the necessary patches to validate DNS responses. For WITTENSTEIN WHIS Connect middleware TCP/IP component, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Amazon Web Services (AWS) FreeRTOS versions through 1.3.1 FreeRTOS versions up to V10.0.1 WITTENSTEIN WHIS Connect middleware TCP/IP component (affected versions not specified) **Description** The issue is related to out of bounds memory access during the parsing of NBNS packets in the `prvTreatNBNS` function, which can be used for information disclosure. **Recommendations** For Amazon Web Services (AWS) FreeRTOS versions through 1.3.1, update to a version later than 1.3.1. For FreeRTOS versions up to V10.0.1, update to a version later than V10.0.1. For WITTENSTEIN WHIS Connect middleware TCP/IP component, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Amazon Web Services (AWS) FreeRTOS versions through 1.3.1 FreeRTOS versions up to V10.0.1 WITTENSTEIN WHIS Connect middleware TCP/IP component (affected versions not specified) **Description** The issue is related to out of bounds memory access during the parsing of ARP packets in the `eARPProcessPacket` function, which can be used for information disclosure. **Recommendations** For Amazon Web Services (AWS) FreeRTOS versions through 1.3.1, update to a version later than 1.3.1 to resolve the issue. For FreeRTOS versions up to V10.0.1, update to a version later than V10.0.1 to resolve the issue. For WITTENSTEIN WHIS Connect middleware TCP/IP component, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Amazon Web Services (AWS) FreeRTOS versions through 1.3.1 FreeRTOS versions up to 10.0.1 WITTENSTEIN WHIS Connect middleware TCP/IP component (affected versions not specified) **Description** A crafted IP header can trigger a full memory space copy in the `prvProcessIPPacket` function, leading to denial of service and possibly remote code execution. **Recommendations** For Amazon Web Services (AWS) FreeRTOS versions through 1.3.1, update to a version later than 1.3.1 to resolve the issue. For FreeRTOS versions up to 10.0.1, update to a version later than 10.0.1 to resolve the issue. For WITTENSTEIN WHIS Connect middleware TCP/IP component, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Amazon Web Services (AWS) FreeRTOS versions through 1.3.1 FreeRTOS versions up to 10.0.1 WITTENSTEIN WHIS Connect middleware TCP/IP component (affected versions not specified) **Description** The issue is related to out of bounds memory access during the parsing of DHCP responses in the `prvProcessDHCPReplies` function, which can be used for information disclosure. **Recommendations** For Amazon Web Services (AWS) FreeRTOS versions through 1.3.1, update to a version later than 1.3.1 to resolve the issue. For FreeRTOS versions up to 10.0.1, update to a version later than 10.0.1 to resolve the issue. For WITTENSTEIN WHIS Connect middleware TCP/IP component, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Amazon Web Services (AWS) FreeRTOS versions through 1.3.1 FreeRTOS versions up to 10.0.1 WITTENSTEIN WHIS Connect middleware TCP/IP component (affected versions not specified) **Description** An issue in the affected software allows out of bounds access to TCP source and destination port fields in the `xProcessReceivedTCPPacket` function, potentially leaking data back to an attacker. **Recommendations** For Amazon Web Services (AWS) FreeRTOS versions through 1.3.1, update to a version later than 1.3.1. For FreeRTOS versions up to 10.0.1, update to a version later than 10.0.1. For WITTENSTEIN WHIS Connect middleware TCP/IP component, at the moment, there is no information about a newer version that contains a fix for this issue.