FreeRTOS-Plus-TCP Invalid Pointer Dereference Vulnerability in UDP/IPv6 Packet Processing

Vulnerability

A vulnerability exists in FreeRTOS-Plus-TCP versions 4.0.0 prior to 4.3.3, when IPv6 support is enabled. The issue arises from a missing validation check in the UDP/IPv6 packet processing code, which allows an invalid pointer dereference. It occurs when a UDP/IPv6 packet is received whose IP version field is incorrect: such packets are processed instead of being rejected. The flaw only impacts applications using IPv6.
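To make the missing check concrete, the following is an added illustration written for this page; it is not FreeRTOS-Plus-TCP code and does not reproduce the project's types or function names. It models a minimal receive path that treats a buffer as an IPv6 header followed by a UDP header only after confirming that the version nibble of the first byte is 6 and that the stated lengths fit the buffer. The function names (process_udp_ipv6, build_sample_packet) and the constructed sample packets are assumptions made for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical fixed layout used by this example (not the project's own types):
   a 40-byte IPv6 header followed immediately by an 8-byte UDP header. */
#define IPV6_HEADER_LEN 40
#define UDP_HEADER_LEN   8
#define IP_PROTOCOL_UDP  17

typedef enum { PKT_REJECT = 0, PKT_ACCEPT = 1 } verdict_t;

/* Read a big-endian (network order) 16-bit field. */
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Validate a received buffer before treating it as IPv6 + UDP.
   Returns PKT_ACCEPT and fills *dst_port only when every check passes;
   any mismatch rejects the packet instead of dereferencing IPv6 fields. */
verdict_t process_udp_ipv6(const uint8_t *buf, size_t len, uint16_t *dst_port)
{
    if (buf == NULL || dst_port == NULL) return PKT_REJECT;
    if (len < IPV6_HEADER_LEN + UDP_HEADER_LEN) return PKT_REJECT;

    /* The check the advisory describes as missing: the IP version field
       (top nibble of byte 0) must say 6 before the rest of the buffer is
       interpreted as an IPv6 header. A packet carrying any other version
       is rejected here rather than parsed as IPv6. */
    if ((buf[0] >> 4) != 6) return PKT_REJECT;

    uint16_t payload_len = be16(buf + 4);   /* IPv6 payload length */
    uint8_t  next_header = buf[6];          /* upper-layer protocol */
    if (next_header != IP_PROTOCOL_UDP) return PKT_REJECT;
    if (payload_len < UDP_HEADER_LEN || (size_t)payload_len > len - IPV6_HEADER_LEN)
        return PKT_REJECT;

    const uint8_t *udp = buf + IPV6_HEADER_LEN;
    uint16_t udp_len = be16(udp + 4);       /* UDP length field */
    if (udp_len < UDP_HEADER_LEN || udp_len > payload_len) return PKT_REJECT;

    *dst_port = be16(udp + 2);              /* UDP destination port */
    return PKT_ACCEPT;
}

/* Build a constructed 48-byte IPv6 + UDP packet whose version nibble is
   'version'. Sample values (ports 12345 -> 53, hop limit 64) are made up. */
size_t build_sample_packet(uint8_t version, uint8_t *out, size_t cap)
{
    const size_t total = IPV6_HEADER_LEN + UDP_HEADER_LEN;
    if (out == NULL || cap < total) return 0;
    memset(out, 0, total);
    out[0] = (uint8_t)(version << 4);                   /* version nibble */
    out[4] = 0x00; out[5] = UDP_HEADER_LEN;             /* payload length = 8 */
    out[6] = IP_PROTOCOL_UDP;                           /* next header = UDP */
    out[7] = 64;                                        /* hop limit */
    out[IPV6_HEADER_LEN + 0] = 0x30; out[IPV6_HEADER_LEN + 1] = 0x39; /* src port 12345 */
    out[IPV6_HEADER_LEN + 2] = 0x00; out[IPV6_HEADER_LEN + 3] = 0x35; /* dst port 53 */
    out[IPV6_HEADER_LEN + 4] = 0x00; out[IPV6_HEADER_LEN + 5] = UDP_HEADER_LEN; /* udp len */
    return total;
}

int main(void)
{
    uint8_t pkt[64];
    uint16_t port = 0;
    size_t n;

    n = build_sample_packet(6, pkt, sizeof pkt);
    printf("version 6: %s (port %u)\n",
           process_udp_ipv6(pkt, n, &port) == PKT_ACCEPT ? "accepted" : "rejected", port);

    n = build_sample_packet(4, pkt, sizeof pkt);
    printf("version 4: %s\n",
           process_udp_ipv6(pkt, n, &port) == PKT_ACCEPT ? "accepted" : "rejected");
    return 0;
}
```

The point of the example is the ordering: the version nibble and the length fields are checked against the raw buffer before any pointer into the IPv6 or UDP header is formed, so a packet with the wrong version never reaches the IPv6-specific code path.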

Impact

Exploitation of this vulnerability causes an invalid pointer dereference, which can lead to memory access errors or crashes.

Remediation

Users are advised to upgrade to FreeRTOS-Plus-TCP version 4.3.4. For those using forked or derivative code, ensure it is patched to incorporate the latest fixes.

Added: Oct 10, 2025, 6:22 PM
Updated: Oct 10, 2025, 6:22 PM

Vulnerability Rating

Custom Algorithm

  spread          6.2
  impact          2.5
  exploitability  5.2
  remediation     7.7
  relevance       0.7
  threat          0.0
  urgency         2.9
  incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.