CVE-2026-7424
Received Received - Intake
Integer Underflow in FreeRTOS-Plus-TCP DHCPv6 Parser

Publication date: 2026-04-29

Last updated on: 2026-05-04

Assigner: AMZN

Description
Integer underflow in the DHCPv6 sub-option parser in FreeRTOS-Plus-TCP before V4.4.1 and V4.2.6 allows an adjacent network actor to corrupt the device's IPv6 address assignment, DNS configuration, and lease times, and to cause a denial of service (permanent IP task freeze requiring hardware reset) by sending a single crafted DHCPv6 packet. The issue is present whenever DHCPv6 is enabled. To mitigate this issue, users should upgrade to version V4.2.6 or V4.4.1 or newer.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-29
Last Modified
2026-05-04
Generated
2026-06-16
AI Q&A
2026-04-29
EPSS Evaluated
2026-06-15
NVD
CVE-2026-7424
EUVD
EUVD-2026-26277
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
amazon freertos-plus-tcp From 4.0.0 (inc) to 4.2.6 (exc)
amazon freertos-plus-tcp From 4.3.0 (inc) to 4.4.1 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-191 The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an integer underflow in the DHCPv6 sub-option parser in FreeRTOS-Plus-TCP versions before V4.4.1 and V4.2.6.

An adjacent network actor can exploit this flaw by sending a specially crafted DHCPv6 packet.

Exploitation allows the attacker to corrupt the device's IPv6 address assignment, DNS configuration, and lease times.

Additionally, it can cause a denial of service by permanently freezing the IP task, requiring a hardware reset to recover.

Impact Analysis

The vulnerability can impact you by allowing an attacker on the adjacent network to disrupt your device's network configuration.

  • Corruption of IPv6 address assignment
  • Corruption of DNS configuration
  • Corruption of DHCP lease times
  • Denial of service through permanent IP task freeze, requiring hardware reset
Mitigation Strategies

To mitigate this issue, users should upgrade to FreeRTOS-Plus-TCP version V4.2.6 or V4.4.1 or newer.

Compliance Impact

The vulnerability allows an adjacent network attacker to corrupt IPv6 address assignment, DNS configuration, and lease times, and to cause denial of service by freezing the IP task. This can impact the availability and integrity of network services.

While the CVE description and resources do not explicitly mention compliance with standards such as GDPR or HIPAA, the potential denial of service and corruption of network configuration could indirectly affect compliance by disrupting availability and integrity of systems that handle sensitive data.

No direct information is provided about how this vulnerability impacts compliance with specific regulations.

Detection Guidance

This vulnerability involves an integer underflow in the DHCPv6 sub-option parser of FreeRTOS-Plus-TCP, which can be exploited by sending a crafted DHCPv6 packet from an adjacent network actor.

Detection on your network or system would involve monitoring DHCPv6 traffic for unusual or malformed DHCPv6 packets that could trigger the vulnerability.

A practical approach is to capture DHCPv6 packets using network packet capture tools such as tcpdump or Wireshark and analyze them for anomalies.

  • Use tcpdump to capture DHCPv6 packets: tcpdump -i <interface> 'udp and port 546 or port 547'
  • Analyze captured packets in Wireshark, filtering for DHCPv6 messages and looking for malformed or suspicious sub-options.

Additionally, monitoring device logs for IP task freezes or DHCPv6 related errors may help detect exploitation attempts.

Since the vulnerability requires DHCPv6 to be enabled, verifying the FreeRTOS-Plus-TCP version and DHCPv6 configuration can help identify vulnerable systems.

Impact Analysis

This vulnerability can impact you by allowing an attacker on an adjacent network to disrupt your device's network configuration.

  • Corruption of IPv6 address assignment
  • Corruption of DNS configuration
  • Corruption of DHCP lease times
  • Denial of service through permanent freezing of the IP task, requiring a hardware reset
Detection Guidance

The vulnerability involves an integer underflow in the DHCPv6 sub-option parser of FreeRTOS-Plus-TCP, which can be exploited by sending a crafted DHCPv6 packet from an adjacent network actor.

Detection would involve monitoring DHCPv6 traffic for unusual or malformed DHCPv6 packets that could trigger the vulnerability.

No specific detection commands or tools are provided in the available resources.

Executive Summary

CVE-2026-7424 is an integer underflow vulnerability in the DHCPv6 sub-option parser of FreeRTOS-Plus-TCP. This flaw allows an adjacent network attacker to send a specially crafted DHCPv6 packet that causes the parser to malfunction.

Exploiting this vulnerability can corrupt the device's IPv6 address assignment, DNS configuration, and lease times.

Additionally, it can cause a denial of service by permanently freezing the IP task, which requires a hardware reset to recover.

Mitigation Strategies

The primary mitigation is to upgrade FreeRTOS-Plus-TCP to version V4.4.1 or V4.2.6 or newer, where the vulnerability has been fixed.

As a temporary workaround, DHCPv6 can be disabled by setting ipconfigUSE_DHCPv6 to 0 in the FreeRTOSIPConfig.h configuration file, though this requires manual IPv6 address configuration.

Additionally, network-level filtering can be implemented to restrict DHCPv6 traffic to trusted sources to reduce exposure.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-7424. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart