CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2018-16598
https://notcve.org/view.php?id=CVE-2018-16598
06 Dec 2018 — An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. In xProcessReceivedUDPPacket and prvParseDNSReply, any received DNS response is accepted, without confirming it matches a sent DNS request. Se ha descubierto un problema en Amazon Web Services (AWS) FreeRTOS hasta la versión 1.3.1, FreeRTOS hasta V10.0.1 (con FreeRTOS+TCP) y el componente middleware TCP/IP WITTENSTEIN WHIS Connect.... • https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-details • CWE-441: Unintended Proxy or Intermediary ('Confused Deputy') •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-16522
https://notcve.org/view.php?id=CVE-2018-16522
06 Dec 2018 — Amazon Web Services (AWS) FreeRTOS through 1.3.1 has an uninitialized pointer free in SOCKETS_SetSockOpt. Amazon Web Services (AWS) FreeRTOS hasta la versión 1.3.1 tiene un puntero liberado sin inicializar en SOCKETS_SetSockOpt. • https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-details • CWE-824: Access of Uninitialized Pointer •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 1CVE-2018-16603
https://notcve.org/view.php?id=CVE-2018-16603
06 Dec 2018 — An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds access to TCP source and destination port fields in xProcessReceivedTCPPacket can leak data back to an attacker. Se ha descubierto un problema en Amazon Web Services (AWS) FreeRTOS hasta la versión 1.3.1, FreeRTOS hasta V10.0.1 (con FreeRTOS+TCP) y el componente middleware TCP/IP WITTENSTEIN WHIS Connect. El acceso fu... • https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-details • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 1CVE-2018-16599
https://notcve.org/view.php?id=CVE-2018-16599
06 Dec 2018 — An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds memory access during parsing of NBNS packets in prvTreatNBNS can be used for information disclosure. Se ha descubierto un problema en Amazon Web Services (AWS) FreeRTOS hasta la versión 1.3.1, FreeRTOS hasta V10.0.1 (con FreeRTOS+TCP) y el componente middleware TCP/IP WITTENSTEIN WHIS Connect. El acceso fuera de límit... • https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-details • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •