CVE-2026-7425
Status: Received - Intake
Denial of Service in FreeRTOS-Plus-TCP IPv6 Router Advertisement Parser

Publication date: 2026-04-29

Last updated on: 2026-05-04

Assigner: AMZN

Description
Insufficient option length validation in the IPv6 Router Advertisement parser in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 allows an adjacent network actor to cause a denial of service (device crash) by sending a crafted Router Advertisement with a truncated PREFIX_INFORMATION option that is smaller than the expected structure size. To mitigate this issue, users should upgrade to the fixed version when available.
Meta Information
Published: 2026-04-29
Last Modified: 2026-05-04
Generated: 2026-05-07
AI Q&A: 2026-04-29
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Two associated CPEs:
Vendor   Product             Version / Range
amazon   freertos-plus-tcp   from 4.0.0 (inclusive) to 4.2.6 (exclusive)
amazon   freertos-plus-tcp   from 4.3.0 (inclusive) to 4.4.1 (exclusive)
CWE
CWE-125: The product reads data past the end, or before the beginning, of the intended buffer.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is caused by insufficient validation of the option length in the IPv6 Router Advertisement parser in FreeRTOS-Plus-TCP versions before V4.2.6 and V4.4.1.

An attacker on an adjacent network can exploit this by sending a specially crafted Router Advertisement message that contains a truncated PREFIX_INFORMATION option smaller than the expected size.

This causes the device to crash, resulting in a denial of service.


How can this vulnerability impact me?

The primary impact of this vulnerability is a denial of service condition.

An attacker on the same network can cause the affected device to crash by sending a malformed Router Advertisement message.

This can disrupt device availability and network operations.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this issue, users should upgrade to the fixed version of FreeRTOS-Plus-TCP when it becomes available.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The vulnerability primarily causes a denial of service (device crash) by processing malformed IPv6 Router Advertisement packets, impacting availability but not confidentiality or integrity.

There is no direct information provided about how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability involves malformed IPv6 Router Advertisement (RA) packets with truncated PREFIX_INFORMATION options. Detection involves monitoring for unusual or malformed RA packets on the local network.

Network administrators can use packet capture and analysis tools such as tcpdump or Wireshark to detect suspicious RA packets.

  • Use tcpdump to capture IPv6 Router Advertisement packets: tcpdump -i <interface> icmp6 and ip6[40] == 134 (the ip6[40] offset is the ICMPv6 type byte only when no IPv6 extension headers precede the ICMPv6 header).
  • Analyze captured packets in Wireshark to inspect the Router Advertisement options, specifically looking for PREFIX_INFORMATION options that are smaller than expected.
  • Set up network-level filtering or intrusion detection rules to alert on or block malformed RA packets with truncated options.

Since the vulnerability is triggered by crafted RA packets with insufficient length validation, detecting packets with truncated or malformed PREFIX_INFORMATION options is key.


Can you explain this vulnerability to me?

CVE-2026-7425 is a vulnerability in FreeRTOS-Plus-TCP's IPv6 Router Advertisement (RA) parser. It occurs because the software does not properly validate the length of certain options in RA packets, specifically the PREFIX_INFORMATION option. This insufficient validation allows an attacker on the same local network to send a specially crafted RA packet with a truncated option that is smaller than expected, causing the device to crash due to out-of-bounds memory access.

The flaw affects versions before V4.2.6 and V4.4.1 and can lead to denial of service by crashing the device processing these malformed packets.


How can this vulnerability impact me?

This vulnerability can cause a denial of service (DoS) condition by crashing devices running vulnerable versions of FreeRTOS-Plus-TCP when they receive maliciously crafted IPv6 Router Advertisement packets.

An attacker on the local network can exploit this without authentication or user interaction, potentially disrupting device availability and network operations.

There is no direct impact on confidentiality or integrity, but the availability impact is considered high.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, users should upgrade FreeRTOS-Plus-TCP to version V4.2.6 or V4.4.1 or later, where the issue has been fixed with additional input validation rejecting malformed Router Advertisement packets.

If immediate upgrading is not possible, network-level mitigations include implementing filtering to block untrusted or malformed IPv6 Router Advertisement packets and deploying devices on isolated network segments to prevent rogue RA packet injection.
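The following is an added example, not code from FreeRTOS-Plus-TCP or from this advisory: it performs the option-length validation that both the detection advice above and the described fix rely on, walking the NDP options of a captured Router Advertisement (ICMPv6 header onward) and reporting any option whose length field is zero, overruns the message, or, for PREFIX_INFORMATION, is not the 32 bytes RFC 4861 requires. The function names and the sample packets are constructed for this example.

```python
import struct

ICMPV6_RA = 134             # ICMPv6 type of a Router Advertisement
OPT_PREFIX_INFORMATION = 3  # RFC 4861 option type
PREFIX_INFO_LEN_UNITS = 4   # RFC 4861: length field must be 4 (32 bytes)
RA_HEADER_LEN = 16          # RA fixed header before the first option


def check_ra_options(icmpv6: bytes) -> list[str]:
    """Walk the NDP options of an RA (ICMPv6 header onward) and return one
    finding per malformed option; an empty list means all options are sane."""
    if len(icmpv6) < RA_HEADER_LEN or icmpv6[0] != ICMPV6_RA:
        return ["not a complete Router Advertisement header"]
    findings, off = [], RA_HEADER_LEN
    while off < len(icmpv6):
        remaining = len(icmpv6) - off
        if remaining < 2:
            findings.append(f"{remaining} trailing byte(s) at offset {off}: no option header")
            break
        opt_type, opt_len = icmpv6[off], icmpv6[off + 1] * 8  # length unit: 8 octets
        if opt_len == 0 or opt_len > remaining:
            findings.append(f"option type {opt_type} at offset {off} has invalid "
                            f"length {opt_len} ({remaining} bytes remain)")
            break
        if opt_type == OPT_PREFIX_INFORMATION and opt_len != PREFIX_INFO_LEN_UNITS * 8:
            findings.append(f"PREFIX_INFORMATION at offset {off} is {opt_len} bytes, expected 32")
        off += opt_len
    return findings


def build_ra(options: bytes) -> bytes:
    """Constructed RA header: type 134, code 0, checksum 0 (not verified here),
    hop limit 64, flags 0, router lifetime 1800 s, reachable/retrans timers 0."""
    return struct.pack("!BBHBBHII", ICMPV6_RA, 0, 0, 64, 0, 1800, 0, 0) + options


def good_prefix_option() -> bytes:
    """Constructed well-formed PREFIX_INFORMATION (32 bytes) for 2001:db8::/64."""
    head = struct.pack("!BBBBIII", OPT_PREFIX_INFORMATION, 4, 64, 0xC0, 2592000, 604800, 0)
    return head + bytes.fromhex("20010db8" + "00" * 12)


def truncated_prefix_option() -> bytes:
    """Constructed truncated variant: length field 1 (8 bytes), so a parser that
    trusts the option type and reads the full 32-byte structure overruns it."""
    return bytes([OPT_PREFIX_INFORMATION, 1]) + good_prefix_option()[2:8]
```

Feed check_ra_options the ICMPv6 payload of an RA exported from a capture; a non-empty result is the condition the detection rules above should alert on.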

