PT-2026-35975 · Unknown · Freertos-Plus-Tcp

Eun0Us | Espilon · Published 2026-04-29 · Updated 2026-04-29 · CVE-2026-7424

CVSS v3.1: 8.1 High

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions

FreeRTOS-Plus-TCP versions prior to V4.2.6
FreeRTOS-Plus-TCP versions prior to V4.4.1

Description

An integer underflow in the DHCPv6 sub-option parser occurs whenever DHCPv6 is enabled. This allows an adjacent network actor to send a single crafted DHCPv6 packet to corrupt the device's IPv6 address assignment, DNS configuration, and lease times. This can lead to a denial of service, resulting in a permanent IP task freeze that requires a hardware reset.

Recommendations

Upgrade to version V4.2.6 or newer.
Upgrade to version V4.4.1 or newer.
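
To illustrate the bug class named in the description, the sketch below is an added example; it is not FreeRTOS-Plus-TCP code and not the fix shipped in V4.2.6 or V4.4.1. It walks DHCPv6-style type-length-value sub-options with the two length comparisons that keep an unsigned remaining-byte count from wrapping. `walk_suboptions`, `subopt_cb` and the sample payloads are hypothetical names and constructed data.

```c
#include <stddef.h>
#include <stdint.h>

#define OPT_HDR_LEN 4u /* DHCPv6 option header: 2-byte code, 2-byte length (RFC 8415) */

/* Hypothetical callback: receives each sub-option that passed both guards. */
typedef void (*subopt_cb)(uint16_t code, const uint8_t *data, size_t len, void *ctx);

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Walk the sub-options inside a parent option payload of parent_len bytes.
 * Returns the number of sub-options visited, or -1 if the payload is malformed. */
int walk_suboptions(const uint8_t *buf, size_t parent_len, subopt_cb cb, void *ctx)
{
    size_t off = 0;
    int count = 0;
    while (off < parent_len) {
        size_t remaining = parent_len - off; /* cannot wrap: off < parent_len */
        /* Guard 1: the 4-byte header must fit, or the subtraction in
         * guard 2 would wrap to a huge size_t. */
        if (remaining < OPT_HDR_LEN)
            return -1;
        uint16_t code = rd16(buf + off);
        size_t len = rd16(buf + off + 2);
        /* Guard 2: compare the declared length with what is left before
         * consuming it. Doing "remaining -= OPT_HDR_LEN + len" without
         * this comparison is the unsigned underflow. */
        if (len > remaining - OPT_HDR_LEN)
            return -1;
        if (cb != NULL)
            cb(code, buf + off + OPT_HDR_LEN, len, ctx);
        off += OPT_HDR_LEN + len;
        count++;
    }
    return count;
}

/* Constructed sample payloads (not captured traffic). */
static const uint8_t ok_payload[] = { 0x00, 0x05, 0x00, 0x02, 0xAA, 0xBB, 0x00, 0x0D, 0x00, 0x00 };
static const uint8_t overlong[] = { 0x00, 0x05, 0x00, 0x08, 0xAA, 0xBB }; /* claims 8 bytes, carries 2 */
static const uint8_t short_hdr[] = { 0x00, 0x05, 0x00 }; /* header cut off */

int main(void)
{
    int ok = walk_suboptions(ok_payload, sizeof ok_payload, NULL, NULL) == 2
          && walk_suboptions(overlong, sizeof overlong, NULL, NULL) == -1
          && walk_suboptions(short_hdr, sizeof short_hdr, NULL, NULL) == -1;
    return ok ? 0 : 1;
}
```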

Fix

Integer Underflow


Weakness Enumeration

Related Identifiers

CVE-2026-7424

Affected Products

Freertos-Plus-Tcp