← Retour aux CVEs
CVE-2026-7425
MEDIUM6.5
Description
Insufficient option length validation in the IPv6 Router Advertisement parser in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 allows an adjacent network actor to cause a denial of service (device crash) by sending a crafted Router Advertisement with a truncated PREFIX_INFORMATION option that is smaller than the expected structure size. To mitigate this issue, users should upgrade to the fixed version when available.
Details CVE
Score CVSS v3.16.5
SeveriteMEDIUM
Vecteur CVSSCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vecteur d'attaqueADJACENT_NETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurNONE
Publie4/29/2026
Derniere modification5/4/2026
Sourcenvd
Observations honeypot0
Produits affectes
amazon:freertos-plus-tcp
Faiblesses (CWE)
CWE-125
References
https://aws.amazon.com/security/security-bulletins/2026-023-aws/(ff89ba41-3aa1-4d27-914a-91399e9639e5)
https://github.com/FreeRTOS/FreeRTOS-Plus-TCP/releases/tag/V4.2.6(ff89ba41-3aa1-4d27-914a-91399e9639e5)
https://github.com/FreeRTOS/FreeRTOS-Plus-TCP/releases/tag/V4.4.1(ff89ba41-3aa1-4d27-914a-91399e9639e5)
https://github.com/FreeRTOS/FreeRTOS-Plus-TCP/security/advisories/GHSA-gffr-xgjg-jh9j(ff89ba41-3aa1-4d27-914a-91399e9639e5)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.