CVE-2026-7423

Summary

Integer underflow in the ICMP and ICMPv6 echo reply handlers in FreeRTOS-Plus-TCP before V4.4.1 and V4.2.6 allows an adjacent network user to cause a denial of service (device crash) when outgoing ping support is enabled, because header sizes are subtracted from a packet length field without validating the field is large enough, resulting in a heap out-of-bounds read of up to approximately 65KB.

To mitigate this issue, users should upgrade to the fixed version when available.

Affected Software

VendorProductVersion RangeStatus
AWSFreeRTOS-Plus-TCP4.0.0 < 4.2.6affected
AWSFreeRTOS-Plus-TCP4.3.0 < 4.4.1affected
AWSFreeRTOS-Plus-TCP4.2.6unaffected
AWSFreeRTOS-Plus-TCP4.4.1unaffected

Weaknesses

  • CWE-191: CWE-191: Integer Underflow (Wrap or Wraparound)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References