PT-2026-35974 · Unknown · Freertos-Plus-Tcp
Archigup · Published 2026-04-29 · Updated 2026-05-04
CVE-2026-7423
CVSS v3.1: 6.5 (Medium)
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
FreeRTOS-Plus-TCP versions prior to V4.4.1
FreeRTOS-Plus-TCP versions prior to V4.2.6
Description
An integer underflow exists in the ICMP and ICMPv6 echo reply handlers when outgoing ping support is enabled. Header sizes are subtracted from a packet length field without first verifying that the field is large enough to hold them, so the unsigned subtraction wraps and the handler performs a heap out-of-bounds read of approximately 65 KB. An adjacent network user can exploit this to cause a denial of service, resulting in a device crash.
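The following C snippet is an added illustration of the length-handling pattern the description refers to; it is not FreeRTOS-Plus-TCP source. The IPv4 (20 bytes) and ICMP echo (8 bytes) header sizes are the real protocol constants, while the packet descriptor, the function names and the sample lengths are constructed for this example. It places the unchecked subtraction next to a hardened version that rejects a packet before any header size is taken off its length field and that also caps the result at the number of bytes actually received.

```c
/* Added illustration of the unchecked-subtraction pattern; not project code.
 * Struct layout, names and sample values are constructed for this example. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define IP_HEADER_LEN    20u  /* IPv4 header without options */
#define ICMP_HEADER_LEN   8u  /* ICMP echo: type, code, checksum, id, sequence */

/* Constructed packet descriptor: the buffer and the 16-bit length the stack
 * derived from the frame. The length is under the sender's control. */
typedef struct {
    const uint8_t *data;
    uint16_t       length;
} packet_t;

/* Vulnerable pattern: subtract header sizes from the 16-bit length without
 * checking it first. For any length below 28 the unsigned arithmetic wraps,
 * so a 20-byte claim yields 65528, which a later copy or compare would use
 * as a payload size and read far past the heap buffer. */
size_t payload_len_vulnerable(const packet_t *p)
{
    uint16_t len = p->length;
    len -= IP_HEADER_LEN;
    len -= ICMP_HEADER_LEN;
    return len;
}

/* Hardened pattern: accept the packet only if the length field covers every
 * header that will be subtracted and does not exceed the bytes received. */
bool payload_len_checked(const packet_t *p, size_t buf_len, size_t *out_len)
{
    const size_t headers = IP_HEADER_LEN + ICMP_HEADER_LEN;
    if (p->length < headers || p->length > buf_len) {
        return false; /* drop: too short, or claims more than was received */
    }
    *out_len = (size_t)p->length - headers;
    return true;
}

int main(void)
{
    uint8_t  buf[64] = {0};                       /* constructed receive buffer */
    packet_t short_pkt = { .data = buf, .length = 20 }; /* shorter than the headers */
    size_t   n = 0;

    printf("unchecked payload length: %zu\n", payload_len_vulnerable(&short_pkt));
    printf("checked: %s\n",
           payload_len_checked(&short_pkt, sizeof buf, &n) ? "accepted" : "dropped");
    return 0;
}
```

The check belongs before the subtraction, not after it: once the value has wrapped, a later "is the payload too large" test compares against a number that looks like a legitimate jumbo payload rather than a malformed packet. Checking against the received buffer size as well closes the related case where the length field is internally consistent but still larger than the frame that arrived.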
Recommendations
Upgrade to version V4.4.1 or later.
Upgrade to version V4.2.6 or later.
Tags: Fix · DoS · Integer Underflow
Affected Products
Freertos-Plus-Tcp