PT-2026-35979 · Aws · Freertos-Plus-Tcp
Eun0Us · Published 2026-04-29 · Updated 2026-04-29 · CVE-2026-7425
CVSS v3.1: 6.5 Medium
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
FreeRTOS-Plus-TCP versions prior to V4.2.6
FreeRTOS-Plus-TCP versions prior to V4.4.1
Description
Insufficient option length validation in the IPv6 Router Advertisement parser allows an adjacent network actor to cause a denial of service, resulting in a device crash. This occurs when a crafted Router Advertisement is sent with a truncated PREFIX INFORMATION option that is smaller than the expected structure size.
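The length checks this class of bug calls for, as an added example (not FreeRTOS-Plus-TCP code, and not the project's fix). It assumes the RFC 4861 option layout, where the length field counts units of 8 octets and a Prefix Information option is 32 bytes; `prefix_info_t` and `ra_find_prefix_info` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ND_OPT_PREFIX_INFORMATION 3u   /* option type, RFC 4861 section 4.6.2 */
#define ND_OPT_PREFIX_INFO_SIZE   32u  /* fixed wire size, length field == 4 */
typedef struct {                       /* hypothetical result type */
    uint8_t  prefix_len, flags;
    uint32_t valid_lifetime, preferred_lifetime;
    uint8_t  prefix[16];
} prefix_info_t;

static uint32_t read_be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Returns 1 and fills *out for a well-formed Prefix Information option,
 * 0 if the options contain none, -1 if any option is malformed. */
int ra_find_prefix_info(const uint8_t *opts, size_t opts_len, prefix_info_t *out) {
    size_t off = 0;
    while (off < opts_len) {
        if (opts_len - off < 2u) return -1;               /* no type+length header */
        uint8_t type = opts[off];
        size_t  len  = (size_t)opts[off + 1] * 8u;        /* units of 8 octets */
        if (len == 0u || len > opts_len - off) return -1; /* zero or past the buffer */
        if (type == ND_OPT_PREFIX_INFORMATION) {
            if (len != ND_OPT_PREFIX_INFO_SIZE) return -1; /* declared size != structure size */
            const uint8_t *o = opts + off;
            out->prefix_len         = o[2];
            out->flags              = o[3];
            out->valid_lifetime     = read_be32(o + 4);
            out->preferred_lifetime = read_be32(o + 8);
            memcpy(out->prefix, o + 16, sizeof out->prefix);
            return 1;
        }
        off += len;                                       /* skip other options */
    }
    return 0;
}

int main(void) {
    /* Constructed input: type 3, length 1 (8 bytes), too short for the option. */
    const uint8_t truncated[8] = { 3, 1, 64, 0xC0, 0, 0, 0, 0 };
    prefix_info_t pi;
    printf("truncated option -> %d\n", ra_find_prefix_info(truncated, sizeof truncated, &pi));
    return 0;
}
```

The parser rejects the option before touching any field, so a declared length shorter than the structure never leads to a read past the option's own bytes.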
Recommendations
Upgrade to version V4.2.6 or later.
Upgrade to version V4.4.1 or later.
Fix
Out of bounds Read
Weakness Enumeration
Related Identifiers
Affected Products
Freertos-Plus-Tcp