PT-2026-35980 · Aws · Freertos-Plus-Tcp
Aniruddha Kanhere +1
Published: 2026-04-29 · Updated: 2026-04-29
CVE-2026-7426
CVSS v3.1: 8.1 (High)
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions
FreeRTOS-Plus-TCP versions prior to V4.2.6
FreeRTOS-Plus-TCP versions prior to V4.4.1
Description
Insufficient validation of the prefix length field during IPv6 Router Advertisement processing allows an adjacent network actor to cause memory corruption. By sending a crafted Router Advertisement with a prefix length value exceeding the maximum valid length, a heap buffer overflow occurs. This issue does not impact users who only process IPv4 Router Advertisements.
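The kind of bounds check the description refers to, as an added example (not FreeRTOS-Plus-TCP code and not part of this advisory): a parser for the RFC 4861 Prefix Information option that rejects a prefix length above 128 bits before copying into a 16-byte buffer. The names pio_t, parse_prefix_info and build_sample_pio are hypothetical, and the sample option is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ND_OPT_PREFIX_INFO   3u   /* RFC 4861 option type */
#define PIO_WIRE_LEN         32u  /* option size on the wire, in bytes */
#define IPV6_ADDR_BYTES      16u
#define IPV6_MAX_PREFIX_BITS 128u

/* Hypothetical result type for this example. */
typedef struct { uint8_t prefix_bits; uint8_t prefix[IPV6_ADDR_BYTES]; } pio_t;

/* Returns 0 on success, -1 if the option must be dropped. */
int parse_prefix_info(const uint8_t *opt, size_t remaining, pio_t *out)
{
    if (opt == NULL || out == NULL || remaining < PIO_WIRE_LEN)
        return -1;                       /* truncated option */
    if (opt[0] != ND_OPT_PREFIX_INFO || opt[1] != PIO_WIRE_LEN / 8u)
        return -1;                       /* wrong type or length field */

    uint8_t bits = opt[2];               /* sender-controlled, 0..255 */
    if (bits > IPV6_MAX_PREFIX_BITS)
        return -1;  /* otherwise the byte count below could reach 32 > 16 */

    size_t bytes = ((size_t)bits + 7u) / 8u;   /* now at most 16 */
    memset(out->prefix, 0, sizeof out->prefix);
    memcpy(out->prefix, &opt[16], bytes);
    if (bits % 8u != 0u)                 /* clear host bits in the last byte */
        out->prefix[bytes - 1u] &= (uint8_t)(0xFFu << (8u - bits % 8u));
    out->prefix_bits = bits;
    return 0;
}

/* Constructed sample: a Prefix Information option with all prefix bits set. */
void build_sample_pio(uint8_t opt[PIO_WIRE_LEN], uint8_t bits)
{
    memset(opt, 0, PIO_WIRE_LEN);
    opt[0] = ND_OPT_PREFIX_INFO;
    opt[1] = PIO_WIRE_LEN / 8u;
    opt[2] = bits;
    memset(&opt[16], 0xFF, IPV6_ADDR_BYTES);
}

int main(void)
{
    uint8_t opt[PIO_WIRE_LEN]; pio_t p;
    build_sample_pio(opt, 255);          /* out-of-range prefix length */
    return parse_prefix_info(opt, sizeof opt, &p) == -1 ? 0 : 1;
}
```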
Recommendations
Upgrade to version V4.2.6 or later.
Upgrade to version V4.4.1 or later.
Fix
Memory Corruption
Affected Products
Freertos-Plus-Tcp