CVE-2018-16598
https://notcve.org/view.php?id=CVE-2018-16598
An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. In xProcessReceivedUDPPacket and prvParseDNSReply, any received DNS response is accepted, without confirming it matches a sent DNS request. Se ha descubierto un problema en Amazon Web Services (AWS) FreeRTOS hasta la versión 1.3.1, FreeRTOS hasta V10.0.1 (con FreeRTOS+TCP) y el componente middleware TCP/IP WITTENSTEIN WHIS Connect. En xProcessReceivedUDPPacket y prvParseDNSReply, se acepta cualquier respuesta DNS recibida sin confirmar que coincide con la petición DNS enviada. • https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-details https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-range-devices-risk-compromise-smart-homes-critical-infrastructure-systems https://github.com/aws/amazon-freertos/blob/v1.3.2/CHANGELOG.md • CWE-441: Unintended Proxy or Intermediary ('Confused Deputy') •
CVE-2018-16603
https://notcve.org/view.php?id=CVE-2018-16603
An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds access to TCP source and destination port fields in xProcessReceivedTCPPacket can leak data back to an attacker. Se ha descubierto un problema en Amazon Web Services (AWS) FreeRTOS hasta la versión 1.3.1, FreeRTOS hasta V10.0.1 (con FreeRTOS+TCP) y el componente middleware TCP/IP WITTENSTEIN WHIS Connect. El acceso fuera de límites a los campos de los puertos de origen y destino TCP en xProcessReceivedTCPPacket puede filtrar datos a un atacante. • https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-details https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-range-devices-risk-compromise-smart-homes-critical-infrastructure-systems https://github.com/aws/amazon-freertos/blob/v1.3.2/CHANGELOG.md • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2018-16528
https://notcve.org/view.php?id=CVE-2018-16528
Amazon Web Services (AWS) FreeRTOS through 1.3.1 allows remote attackers to execute arbitrary code because of mbedTLS context object corruption in prvSetupConnection and GGD_SecureConnect_Connect in AWS TLS connectivity modules. Amazon Web Services (AWS) FreeRTOS hasta la versión 1.3.1 permite que los atacantes remotos ejecuten código arbitrario debido a la corrupción del objeto del contexto mbedTLS en prvSetupConnection y GGD_SecureConnect_Connect en los módulos de conectividad AWS TLS • https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-details https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-range-devices-risk-compromise-smart-homes-critical-infrastructure-systems https://github.com/aws/amazon-freertos/blob/v1.3.2/CHANGELOG.md • CWE-20: Improper Input Validation •
CVE-2018-16523
https://notcve.org/view.php?id=CVE-2018-16523
Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow division by zero in prvCheckOptions. Amazon Web Services (AWS) FreeRTOS hasta la versión 1.3.1, FreeRTOS hasta V10.0.1 (con FreeRTOS+TCP) y el componente middleware TCP/IP WITTENSTEIN WHIS Connect permiten la división entre cero en prvCheckOptions. • https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-details https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-range-devices-risk-compromise-smart-homes-critical-infrastructure-systems https://github.com/aws/amazon-freertos/blob/v1.3.2/CHANGELOG.md • CWE-369: Divide By Zero •
CVE-2018-16525
https://notcve.org/view.php?id=CVE-2018-16525
Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow remote attackers to execute arbitrary code or leak information because of a Buffer Overflow during parsing of DNS\LLMNR packets in prvParseDNSReply. Amazon Web Services (AWS) FreeRTOS hasta la versión 1.3.1, FreeRTOS hasta V10.0.1 (con FreeRTOS+TCP) y el componente middleware TCP/IP WITTENSTEIN WHIS Connect permiten que atacantes remotos ejecuten código arbitrario o filtren información debido a un desbordamiento de búfer durante el análisis de los paquetes DNS\LLMNR en prvParseDNSReply. • https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-details https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-range-devices-risk-compromise-smart-homes-critical-infrastructure-systems https://github.com/aws/amazon-freertos/blob/v1.3.2/CHANGELOG.md •