CVE-2025-11618
BaseFortify

Publication date: 2025-10-10

Last updated on: 2025-10-31

Assigner: AMZN

Description
A missing validation check in FreeRTOS-Plus-TCP's UDP/IPv6 packet processing code can lead to an invalid pointer dereference when receiving a UDP/IPv6 packet with an incorrect IP version field in the packet header. This issue only affects applications using IPv6. We recommend upgrading to the latest version and ensuring any forked or derivative code is patched to incorporate the new fixes.
Meta Information
Published: 2025-10-10
Last Modified: 2025-10-31
Generated: 2026-06-16
AI Q&A: 2025-10-10
EPSS Evaluated: 2026-06-14
External references: NVD, EUVD
Affected Vendors & Products
1 associated CPE
Vendor: amazon
Product: freertos-plus-tcp
Version range: from 4.0.0 (inclusive) to 4.3.4 (exclusive)
CWE
CWE-476: The product dereferences a pointer that it expects to be valid but is NULL.
Executive Summary

This vulnerability is an invalid pointer dereference in FreeRTOS-Plus-TCP's UDP/IPv6 packet processing code. It occurs when the software receives a UDP/IPv6 packet with an incorrect IP version field in the packet header. Because of missing validation checks, this can cause the system to dereference a NULL or invalid pointer, potentially leading to a crash or exit. This issue only affects applications using IPv6 and was fixed in version 4.3.4. [2, 1]

Impact Analysis

The vulnerability can cause the affected application to crash or exit unexpectedly due to dereferencing a NULL pointer when processing malformed UDP/IPv6 packets. This results in a denial of service or loss of availability for the affected system. There is no impact on confidentiality or integrity. [2]

Detection Guidance

This vulnerability is triggered by UDP/IPv6 packets whose IP version field is incorrect, which leads to an invalid pointer dereference. Detection therefore has two sides: on the host, monitor for crashes or abnormal resets of devices running the FreeRTOS-Plus-TCP network stack while they handle IPv6 UDP traffic; on the network, use packet capture tools (e.g., tcpdump or Wireshark) to inspect incoming UDP/IPv6 packets for a version field that is not 6. No specific detection commands or signatures are provided in the resources, so detection relies on monitoring system stability and analysing traffic for malformed IPv6 UDP packets. [1, 2]
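As an added illustration, not code from FreeRTOS-Plus-TCP or from this page's sources, the following Python sketch shows the kind of header validation the advisory describes as missing, run over constructed sample datagrams: the IPv6 version nibble is checked before any later field is trusted, and a packet whose nibble is not 6 is rejected instead of being handed to the IPv6 UDP path. Field layouts follow RFC 8200 (IPv6) and RFC 768 (UDP); the addresses, ports and payload are constructed, and the function names are this example's own.

```python
import struct
from ipaddress import IPv6Address

IPV6_HEADER_LEN = 40
UDP_HEADER_LEN = 8
NEXT_HEADER_UDP = 17


def validate_ipv6_udp(pkt: bytes) -> str:
    """Return "ok" for a well-formed IPv6+UDP datagram, else the first problem found.

    The checks are ordered the way a receive path should order them: total
    length first, then the version nibble, then the next-header value, then
    the length fields that later code uses to derive offsets and pointers.
    Returning the reason (rather than a bool) gives telemetry that can be
    counted per reason when the function is run over a capture.
    """
    if len(pkt) < IPV6_HEADER_LEN:
        return "truncated: shorter than IPv6 header"
    version = pkt[0] >> 4  # high nibble of the first byte
    if version != 6:
        # This is the condition the advisory is about: a packet reaching the
        # IPv6 UDP path whose header does not claim to be IPv6 at all.
        return f"bad IP version nibble {version} (expected 6)"
    payload_len, next_header, _hop_limit = struct.unpack_from("!HBB", pkt, 4)
    if next_header != NEXT_HEADER_UDP:
        return f"next header {next_header} is not UDP"
    if len(pkt) < IPV6_HEADER_LEN + payload_len:
        return "truncated: payload shorter than Payload Length field"
    if payload_len < UDP_HEADER_LEN:
        return "payload too short for UDP header"
    _sport, _dport, udp_len, _csum = struct.unpack_from("!HHHH", pkt, IPV6_HEADER_LEN)
    if udp_len != payload_len:
        return f"UDP length {udp_len} disagrees with IPv6 payload length {payload_len}"
    return "ok"


def build_ipv6_udp(src: str, dst: str, sport: int, dport: int, data: bytes) -> bytes:
    """Build a minimal well-formed IPv6+UDP datagram (constructed test fixture).

    Traffic class and flow label are zero; the UDP checksum is left as 0
    because the example only exercises header validation, not checksumming.
    """
    udp_len = UDP_HEADER_LEN + len(data)
    first_word = 6 << 28  # version 6, traffic class 0, flow label 0
    ip_hdr = struct.pack("!IHBB16s16s", first_word, udp_len, NEXT_HEADER_UDP, 64,
                         IPv6Address(src).packed, IPv6Address(dst).packed)
    udp_hdr = struct.pack("!HHHH", sport, dport, udp_len, 0)
    return ip_hdr + udp_hdr + data


def run_samples() -> dict:
    """Validate a constructed good datagram and several damaged variants of it."""
    good = build_ipv6_udp("fd00::1", "fd00::2", 40000, 5353, b"hello")
    samples = {
        "well-formed": good,
        # Same bytes, but the version nibble altered to 4: the advisory's case.
        "wrong version nibble": bytes([0x40 | (good[0] & 0x0F)]) + good[1:],
        "truncated header": good[:20],
        "next header is TCP": good[:6] + bytes([6]) + good[7:],
        # UDP Length field (offset 44..45) rewritten so it disagrees with IPv6.
        "inconsistent lengths": good[:44] + struct.pack("!H", 99) + good[46:],
    }
    return {name: validate_ipv6_udp(pkt) for name, pkt in samples.items()}


if __name__ == "__main__":
    for name, verdict in run_samples().items():
        print(f"{name:22s} -> {verdict}")
```

Run over a capture, the same function slots into a loop that strips the link-layer header from each frame and tallies the non-"ok" verdicts; a rising count of "bad IP version nibble" verdicts on a segment with FreeRTOS-Plus-TCP devices is the network-side signal the guidance above describes, to be correlated with device resets on the host side.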

Mitigation Strategies

The immediate mitigation step is to upgrade FreeRTOS-Plus-TCP to version 4.3.4 or later, where this vulnerability has been fixed by adding appropriate validation checks. If using forked or derivative code, ensure that patches incorporating these fixes are applied. No workarounds are available, so upgrading is the recommended action to prevent crashes caused by this vulnerability. [1, 2]
