Page 2 of 14 results (0.007 seconds)

CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0

An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. In xProcessReceivedUDPPacket and prvParseDNSReply, any received DNS response is accepted, without confirming it matches a sent DNS request. Se ha descubierto un problema en Amazon Web Services (AWS) FreeRTOS hasta la versión 1.3.1, FreeRTOS hasta V10.0.1 (con FreeRTOS+TCP) y el componente middleware TCP/IP WITTENSTEIN WHIS Connect. En xProcessReceivedUDPPacket y prvParseDNSReply, se acepta cualquier respuesta DNS recibida sin confirmar que coincide con la petición DNS enviada. • https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-details https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-range-devices-risk-compromise-smart-homes-critical-infrastructure-systems https://github.com/aws/amazon-freertos/blob/v1.3.2/CHANGELOG.md • CWE-441: Unintended Proxy or Intermediary ('Confused Deputy') •

CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 1

An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds access to TCP source and destination port fields in xProcessReceivedTCPPacket can leak data back to an attacker. Se ha descubierto un problema en Amazon Web Services (AWS) FreeRTOS hasta la versión 1.3.1, FreeRTOS hasta V10.0.1 (con FreeRTOS+TCP) y el componente middleware TCP/IP WITTENSTEIN WHIS Connect. El acceso fuera de límites a los campos de los puertos de origen y destino TCP en xProcessReceivedTCPPacket puede filtrar datos a un atacante. • https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-details https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-range-devices-risk-compromise-smart-homes-critical-infrastructure-systems https://github.com/aws/amazon-freertos/blob/v1.3.2/CHANGELOG.md • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.4EPSS: 0%CPEs: 2EXPL: 1

Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow division by zero in prvCheckOptions. Amazon Web Services (AWS) FreeRTOS hasta la versión 1.3.1, FreeRTOS hasta V10.0.1 (con FreeRTOS+TCP) y el componente middleware TCP/IP WITTENSTEIN WHIS Connect permiten la división entre cero en prvCheckOptions. • https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-details https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-range-devices-risk-compromise-smart-homes-critical-infrastructure-systems https://github.com/aws/amazon-freertos/blob/v1.3.2/CHANGELOG.md • CWE-369: Divide By Zero •

CVSS: 8.1EPSS: 4%CPEs: 2EXPL: 1

An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. A crafted IP header triggers a full memory space copy in prvProcessIPPacket, leading to denial of service and possibly remote code execution. Se ha descubierto un problema en Amazon Web Services (AWS) FreeRTOS hasta la versión 1.3.1, FreeRTOS hasta V10.0.1 (con FreeRTOS+TCP) y el componente middleware TCP/IP WITTENSTEIN WHIS Connect. Una cabecera IP manipulada desencadena la copia de un espacio de memoria completo en prvProcessIPPacket, lo que conduce a una denegación de servicio (DoS) y a la posible ejecución de código • https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-details https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-range-devices-risk-compromise-smart-homes-critical-infrastructure-systems https://github.com/aws/amazon-freertos/blob/v1.3.2/CHANGELOG.md • CWE-191: Integer Underflow (Wrap or Wraparound) •

CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 1

An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds memory access during parsing of DHCP responses in prvProcessDHCPReplies can be used for information disclosure. Se ha descubierto un problema en Amazon Web Services (AWS) FreeRTOS hasta la versión 1.3.1, FreeRTOS hasta V10.0.1 (con FreeRTOS+TCP) y el componente middleware TCP/IP WITTENSTEIN WHIS Connect. El acceso fuera de límites a la memoria durante el análisis de respuestas DHCP en prvProcessDHCPReplies se puede emplear para divulgar información. • https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-details https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-range-devices-risk-compromise-smart-homes-critical-infrastructure-systems https://github.com/aws/amazon-freertos/blob/v1.3.2/CHANGELOG.md • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •