CVE-2025-11617
BaseFortify
Publication date: 2025-10-10
Last updated on: 2025-10-31
Assigner: AMZN
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| amazon | freertos-plus-tcp | From 4.0.0 (inc) to 4.3.4 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-126 | The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a buffer over-read in FreeRTOS-Plus-TCP's IPv6 packet processing code. When an IPv6 packet with an incorrect payload length in its header is received, the software reads beyond the allocated memory buffer, potentially exposing unauthorized memory contents. It only affects applications using IPv6 in FreeRTOS-Plus-TCP versions 4.0.0 through 4.3.3 and was fixed in version 4.3.4. [1]
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized reading of memory beyond intended boundaries, which may expose sensitive data. It has a moderate severity with a CVSS score of 5.4. The impact includes limited confidentiality loss and minor availability impact. Exploitation requires low privileges and no user interaction, and it can be triggered remotely over the network. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to upgrade FreeRTOS-Plus-TCP to version 4.3.4 or later, which contains the patch for this issue. There are no available workarounds, so applying the official fix is strongly recommended. Additionally, ensure that any forked or derivative code is also patched to incorporate the fix. [1]