Approved changes feed: RSS · Atom
cpe:2.3:a:amazon:freertos:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Amazon (0ed129a9-8e26-53dc-aefe-55957e638c30) |
|---|---|
| Product | Freertos (da34371a-518d-5ff1-b2f6-64e7581cd255) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/aws/amazon-freertos |
purl2cpe | 2026-06-01 10:12:13.199126 |
pkg:github/freertos/freertos |
purl2cpe | 2026-06-01 10:12:13.199127 |
pkg:github/freertos/freertos-kernel |
purl2cpe | 2026-06-01 10:12:13.199129 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-5688 |
vulnerable | 2026-06-03 15:07:54.368918 |
Out of Bounds Write in FreeRTOS-Plus-TCP
We have identified a buffer overflow issue allowing out-of-bounds write when processing LLMNR or mDNS queries with very long DNS names. This issue only affects systems using Buffer Allocation Scheme 1 with LLMNR or mDNS enabled.
Users should upgrade to the latest version and ensure any forked or derivative code is patched to incorporate the new fixes.
Published: 2025-06-04T17:09:54.718Z
Updated: 2025-10-14T18:05:10.779Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-16603 |
vulnerable | 2026-06-03 14:38:20.815804 |
Details available
An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds access to TCP source and destination port fields in xProcessReceivedTCPPacket can leak data back to an attacker.
Published: 2018-12-06T23:00:00.000Z
Updated: 2024-08-05T10:32:52.265Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-16602 |
vulnerable | 2026-06-03 14:38:20.815482 |
Details available
An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds memory access during parsing of DHCP responses in prvProcessDHCPReplies can be used for information disclosure.
Published: 2018-12-06T23:00:00.000Z
Updated: 2024-08-05T10:32:52.259Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-16601 |
vulnerable | 2026-06-03 14:38:20.815166 |
Details available
An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. A crafted IP header triggers a full memory space copy in prvProcessIPPacket, leading to denial of service and possibly remote code execution.
Published: 2018-12-06T23:00:00.000Z
Updated: 2024-08-05T10:24:32.905Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-16600 |
vulnerable | 2026-06-03 14:38:20.814836 |
Details available
An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds memory access during parsing of ARP packets in eARPProcessPacket can be used for information disclosure.
Published: 2018-12-06T23:00:00.000Z
Updated: 2024-08-05T10:24:32.933Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-16599 |
vulnerable | 2026-06-03 14:38:20.814504 |
Details available
An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds memory access during parsing of NBNS packets in prvTreatNBNS can be used for information disclosure.
Published: 2018-12-06T23:00:00.000Z
Updated: 2024-08-05T10:24:33.002Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-16598 |
vulnerable | 2026-06-03 14:38:20.814137 |
Details available
An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. In xProcessReceivedUDPPacket and prvParseDNSReply, any received DNS response is accepted, without confirming it matches a sent DNS request.
Published: 2018-12-06T23:00:00.000Z
Updated: 2024-08-05T10:24:32.998Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-16527 |
vulnerable | 2026-06-03 14:38:20.605453 |
Details available
Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow information disclosure during parsing of ICMP packets in prvProcessICMPPacket.
Published: 2018-12-06T23:00:00.000Z
Updated: 2024-08-05T10:24:32.866Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-16526 |
vulnerable | 2026-06-03 14:38:20.605123 |
Details available
Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow remote attackers to leak information or execute arbitrary code because of a Buffer Overflow during generation of a protocol checksum in usGenerateProtocolChecksum and prvProcessIPPacket.
Published: 2018-12-06T23:00:00.000Z
Updated: 2024-08-05T10:24:32.666Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-16525 |
vulnerable | 2026-06-03 14:38:20.604782 |
Details available
Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow remote attackers to execute arbitrary code or leak information because of a Buffer Overflow during parsing of DNS\LLMNR packets in prvParseDNSReply.
Published: 2018-12-06T23:00:00.000Z
Updated: 2024-08-05T10:24:32.864Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-16524 |
vulnerable | 2026-06-03 14:38:20.604419 |
Details available
Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow information disclosure during parsing of TCP options in prvCheckOptions.
Published: 2018-12-06T23:00:00.000Z
Updated: 2024-08-05T10:24:32.664Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-16523 |
vulnerable | 2026-06-03 14:38:20.603968 |
Details available
Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow division by zero in prvCheckOptions.
Published: 2018-12-06T23:00:00.000Z
Updated: 2024-08-05T10:24:32.701Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.