CVE-2025-11616
BaseFortify
Publication date: 2025-10-10
Last updated on: 2025-10-31
Assigner: AMZN
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| amazon | freertos-plus-tcp | From 4.0.0 (inc) to 4.3.4 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-126 | The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a buffer over-read in FreeRTOS-Plus-TCP's ICMPv6 packet processing code. It occurs when the stack receives ICMPv6 packets of certain message types that are smaller than expected, causing the code to read beyond the allocated buffer boundaries. This issue affects versions 4.0.0 through 4.3.3 of FreeRTOS-Plus-TCP when IPv6 support is enabled and is due to missing validation checks on packet sizes. [2]
How can this vulnerability impact me?
The vulnerability can lead to an out-of-bounds read, which may cause application crashes or unexpected behavior. The confidentiality and integrity impacts are low or none, and the availability impact is low, meaning it could potentially disrupt service or cause denial-of-service conditions. An attacker could exploit this remotely with low complexity and low privileges, without user interaction. [2]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should upgrade FreeRTOS-Plus-TCP to version 4.3.4 or later. Additionally, ensure that any forked or derivative code is patched to incorporate the fixes. There are no available workarounds, so upgrading is the recommended immediate step. [2]
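The kind of size validation whose absence is described above, and that maintainers of forked or derivative code can compare against their own ICMPv6 handlers, is sketched below as an added example; it is not FreeRTOS-Plus-TCP code and not the project's patch. The function names and sample packets are hypothetical, and the message types and minimum sizes are the standard ones from RFC 4443 and RFC 4861, chosen for illustration because the advisory text here does not name the affected types.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* ICMPv6 types and fixed-part sizes from RFC 4443 / RFC 4861. Lengths are
 * counted from the ICMPv6 type byte and exclude any trailing options. */
enum { ICMP6_ECHO_REQ = 128, ICMP6_ECHO_REP = 129, ICMP6_RS = 133,
       ICMP6_RA = 134, ICMP6_NS = 135, ICMP6_NA = 136 };

/* Smallest message a handler for `type` may touch; unknown types only get
 * the common 4-byte header (type, code, checksum). */
static size_t icmp6_min_len(uint8_t type)
{
    switch (type) {
    case ICMP6_ECHO_REQ:
    case ICMP6_ECHO_REP:
    case ICMP6_RS: return 8;   /* header + 4 bytes (id/seq or reserved) */
    case ICMP6_RA: return 16;  /* header + hop limit, flags, lifetime, timers */
    case ICMP6_NS:
    case ICMP6_NA: return 24;  /* header + 4 bytes + 16-byte target address */
    default:       return 4;
    }
}

/* Returns 1 when `len` received bytes cover the fixed part of the message
 * type found in msg[0], else 0 (the packet must be dropped, not parsed). */
int icmp6_length_ok(const uint8_t *msg, size_t len)
{
    if (msg == NULL || len < 4) return 0;  /* common header incomplete */
    return len >= icmp6_min_len(msg[0]);
}

/* Copies the target address of an NS/NA only after the length check, so a
 * truncated packet can never cause a read past the received bytes. */
int icmp6_nd_target(const uint8_t *msg, size_t len, uint8_t target[16])
{
    if (!icmp6_length_ok(msg, len)) return 0;
    if (msg[0] != ICMP6_NS && msg[0] != ICMP6_NA) return 0;
    memcpy(target, msg + 8, 16);
    return 1;
}

/* Constructed sample input: a Neighbor Solicitation cut off after 8 bytes,
 * and a complete 24-byte one with target fe80::1 (checksums left as zero). */
const uint8_t sample_short_ns[8] = { 135, 0, 0, 0, 0, 0, 0, 0 };
const uint8_t sample_full_ns[24] = { 135, 0, 0, 0, 0, 0, 0, 0,
    0xfe, 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1 };
```

The length passed in must be the number of bytes actually received for the ICMPv6 message, not a length field taken from the packet itself.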