← Zuruck zu CVEs

CVE-2026-7426

HIGH

8.1

Beschreibung

Insufficient validation of the prefix length field in IPv6 Router Advertisement processing in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 allows an adjacent network actor to cause memory corruption by sending a crafted Router Advertisement with a prefix length value exceeding the maximum valid length, resulting in a heap buffer overflow. Users processing IPv4 RA only are not impacted. To mitigate this issue, users should upgrade to the fixed version when available.

CVE Details

CVSS v3.1 Bewertung8.1

SchweregradHIGH

CVSS VektorCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

AngriffsvektorADJACENT_NETWORK

KomplexitatLOW

Erforderliche PrivilegienNONE

BenutzerinteraktionNONE

Veroffentlicht4/29/2026

Zuletzt geandert5/4/2026

Quellenvd

Honeypot-Sichtungen0

Betroffene Produkte

amazon:freertos-plus-tcp

Schwachen (CWE)

CWE-787

Referenzen

https://aws.amazon.com/security/security-bulletins/2026-023-aws/(ff89ba41-3aa1-4d27-914a-91399e9639e5)

https://github.com/FreeRTOS/FreeRTOS-Plus-TCP/releases/tag/V4.2.6(ff89ba41-3aa1-4d27-914a-91399e9639e5)

https://github.com/FreeRTOS/FreeRTOS-Plus-TCP/releases/tag/V4.4.1(ff89ba41-3aa1-4d27-914a-91399e9639e5)

https://github.com/FreeRTOS/FreeRTOS-Plus-TCP/security/advisories/GHSA-97qg-4359-xm3x(ff89ba41-3aa1-4d27-914a-91399e9639e5)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.