CVE-2026-7424
Integer Underflow in FreeRTOS-Plus-TCP DHCPv6 Parser

Publication date: 2026-04-29

Last updated on: 2026-05-04

Assigner: AMZN

Description
Integer underflow in the DHCPv6 sub-option parser in FreeRTOS-Plus-TCP before V4.4.1 and V4.2.6 allows an adjacent network actor to corrupt the device's IPv6 address assignment, DNS configuration, and lease times, and to cause a denial of service (permanent IP task freeze requiring hardware reset) by sending a single crafted DHCPv6 packet. The issue is present whenever DHCPv6 is enabled. To mitigate this issue, users should upgrade to version V4.2.6 or V4.4.1 or newer.
Meta Information
Published: 2026-04-29
Last Modified: 2026-05-04
Generated: 2026-05-07
AI Q&A: 2026-04-30
EPSS Evaluated: 2026-05-05
References: NVD, EUVD
Affected Vendors & Products (2 associated CPEs)
Vendor   Product             Version / Range
amazon   freertos-plus-tcp   from 4.0.0 (inclusive) to 4.2.6 (exclusive)
amazon   freertos-plus-tcp   from 4.3.0 (inclusive) to 4.4.1 (exclusive)
CWE
CWE-191: The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.
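An added illustration of the CWE-191 pattern named above in a DHCPv6 IA_NA sub-option walker (example code written here, not FreeRTOS-Plus-TCP's own parser): each sub-option's length field is checked against the bytes remaining before it is subtracted, so an over-long length is rejected instead of wrapping the remaining count. The option layout follows RFC 8415; the two sample packets are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>

/* DHCPv6 option header (RFC 8415): 2-byte code, 2-byte length, big-endian. */
#define DHCPV6_OPT_HDR_LEN 4u
/* An IA_NA option body carries IAID, T1 and T2 (3 x 4 bytes) before its sub-options. */
#define DHCPV6_IA_NA_FIXED_LEN 12u

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* The unchecked form, kept only to show the wrap: with remaining = 8 and
 * sublen = 0xFFFF the result is SIZE_MAX - 65530 rather than an error, and a
 * loop driven by it keeps reading past the end of the packet (CWE-191). */
size_t dhcpv6_remaining_unchecked(size_t remaining, uint16_t sublen)
{
    return remaining - (DHCPV6_OPT_HDR_LEN + (size_t)sublen);
}

/* Walk the sub-options inside an IA_NA option body.  Returns the number of
 * well-formed sub-options, or -1 if a header is truncated or a sub-option
 * claims more bytes than remain.  The comparison happens BEFORE the subtraction. */
int dhcpv6_ia_na_count_suboptions(const uint8_t *body, size_t len)
{
    if (len < DHCPV6_IA_NA_FIXED_LEN) return -1;
    size_t off = DHCPV6_IA_NA_FIXED_LEN;
    size_t remaining = len - off;
    int count = 0;
    while (remaining > 0) {
        if (remaining < DHCPV6_OPT_HDR_LEN) return -1;   /* truncated header */
        uint16_t sublen = rd16(body + off + 2);
        size_t need = DHCPV6_OPT_HDR_LEN + (size_t)sublen;
        if (need > remaining) return -1;                  /* would underflow */
        off += need;
        remaining -= need;
        count++;
    }
    return count;
}

/* Constructed sample: IAID/T1/T2 followed by one IA Address sub-option
 * (code 5, len 24: 16-byte address, preferred and valid lifetimes). */
static const uint8_t good_ia_na[] = {
    0,0,0,1,  0,0,0,0x3c,  0,0,0,0x78,                 /* IAID=1, T1=60, T2=120 */
    0,5, 0,24,                                         /* sub-option code 5, len 24 */
    0x20,0x01,0x0d,0xb8,0,0,0,0,0,0,0,0,0,0,0,1,       /* 2001:db8::1 */
    0,0,0x0e,0x10,  0,0,0x1c,0x20                      /* pref 3600, valid 7200 */
};
/* Constructed malformed sample: the sub-option length claims 0xFFFF bytes. */
static const uint8_t bad_ia_na[] = { 0,0,0,1, 0,0,0,0x3c, 0,0,0,0x78, 0,5, 0xff,0xff, 0,0,0,0 };
```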
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-7424 is an integer underflow vulnerability in the DHCPv6 sub-option parser of FreeRTOS-Plus-TCP. This flaw allows an adjacent network attacker to send a specially crafted DHCPv6 packet that causes the parser to malfunction.

Exploiting this vulnerability can corrupt the device's IPv6 address assignment, DNS configuration, and lease times.

Additionally, it can cause a denial of service by permanently freezing the IP task, which requires a hardware reset to recover.


What immediate steps should I take to mitigate this vulnerability?

The primary mitigation is to upgrade FreeRTOS-Plus-TCP to version V4.4.1 or V4.2.6 or newer, where the vulnerability has been fixed.

As a temporary workaround, DHCPv6 can be disabled by setting ipconfigUSE_DHCPv6 to 0 in the FreeRTOSIPConfig.h configuration file, though this requires manual IPv6 address configuration.

Additionally, network-level filtering can be implemented to restrict DHCPv6 traffic to trusted sources to reduce exposure.


How can this vulnerability impact me?

The vulnerability can impact you by allowing an attacker on the adjacent network to disrupt your device's network configuration.

  • Corruption of IPv6 address assignment
  • Corruption of DNS configuration
  • Corruption of DHCP lease times
  • Denial of service through permanent IP task freeze, requiring hardware reset

How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The vulnerability allows an adjacent network attacker to corrupt IPv6 address assignment, DNS configuration, and lease times, and to cause denial of service by freezing the IP task. This can impact the availability and integrity of network services.

While the CVE description and resources do not explicitly mention compliance with standards such as GDPR or HIPAA, the potential denial of service and corruption of network configuration could indirectly affect compliance by disrupting availability and integrity of systems that handle sensitive data.

No direct information is provided about how this vulnerability impacts compliance with specific regulations.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability involves an integer underflow in the DHCPv6 sub-option parser of FreeRTOS-Plus-TCP, which can be exploited by sending a crafted DHCPv6 packet from an adjacent network actor.

Detection on your network or system would involve monitoring DHCPv6 traffic for unusual or malformed DHCPv6 packets that could trigger the vulnerability.

A practical approach is to capture DHCPv6 packets using network packet capture tools such as tcpdump or Wireshark and analyze them for anomalies.

  • Use tcpdump to capture DHCPv6 packets (client port 546, server port 547; the parentheses keep the port test from being parsed as `(udp and port 546) or port 547`): tcpdump -i <interface> 'udp and (port 546 or port 547)'
  • Analyze captured packets in Wireshark, filtering for DHCPv6 messages and looking for malformed or suspicious sub-options.

Additionally, monitoring device logs for IP task freezes or DHCPv6 related errors may help detect exploitation attempts.

Since the vulnerability requires DHCPv6 to be enabled, verifying the FreeRTOS-Plus-TCP version and DHCPv6 configuration can help identify vulnerable systems.

