CNNVD-202510-1425 Information

CNNVD ID

CNNVD-202510-1425

Related CVE

CVE-2025-11618

• CNNVD Published: 2025-10-10

Description (Chinese)

FreeRTOS-Plus-TCP是FreeRTOS开源的一种适用于 FreeRTOS 的可扩展的开源和线程安全 TCP/IP 堆栈。 FreeRTOS-Plus-TCP存在安全漏洞，该漏洞源于UDP/IPv6数据包处理代码缺少验证检查，可能导致无效指针取消引用。

Description (English)

FreeRTOS-Plus-TCP is an extended open source and linear security TCP/IP stack for FreeRTOS open source. FreeRTOS-Plus-TCP has a security loophole, which stems from the lack of validation of the UDP/IPv6 package processing code, which may lead to invalid pointer cancellations.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

FreeRTOS

Published

2025-10-10

Last Modified

2026-02-24

References

https://aws.amazon.com/security/security-bulletins/AWS-2025-023/ https://github.com/FreeRTOS/FreeRTOS-Plus-TCP/releases/tag/V4.3.4 https://github.com/FreeRTOS/FreeRTOS-Plus-TCP/security/advisories/GHSA-6fh9-mqxj-hmwj

Patch

https://www.freertos.org/