CVE-2025-5688
BaseFortify
Publication date: 2025-06-04
Last updated on: 2025-10-14
Assigner: AMZN
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-5688 is a buffer overflow vulnerability in FreeRTOS-Plus-TCP's handling of LLMNR or mDNS queries with very long DNS names. It affects systems using Buffer Allocation Scheme 1, which allocates buffers from a fixed-size pool. When processing these long DNS names, an out-of-bounds write can occur, potentially leading to memory corruption. This issue impacts specific versions of FreeRTOS-Plus-TCP and has been fixed in version 4.3.2. [1]
How can this vulnerability impact me? :
This vulnerability can lead to memory corruption due to out-of-bounds writes when processing certain network queries. This may cause system instability, crashes, or potentially allow an attacker to execute arbitrary code or disrupt network services on affected devices running vulnerable versions of FreeRTOS-Plus-TCP with Buffer Allocation Scheme 1 and LLMNR or mDNS enabled. [1]
What immediate steps should I take to mitigate this vulnerability?
Upgrade to FreeRTOS-Plus-TCP version 4.3.2 or later, and ensure any forked or derivative code is patched to incorporate the fixes. There are no available workarounds, so upgrading is the recommended mitigation. [1]