Primary

Context

FreeRTOS-Plus-TCP Buffer Overflow Vulnerability in LLMNR and mDNS Query Processing

Vulnerability

Patched

A buffer overflow vulnerability allowing out-of-bounds write has been identified in FreeRTOS-Plus-TCP. This issue arises when processing LLMNR or mDNS queries that contain very long DNS names. The vulnerability affects systems using Buffer Allocation Scheme 1, with LLMNR or mDNS enabled. Affected versions include FreeRTOS-Plus-TCP v2.3.4 through v4.3.1 (with LLMNR) and v4.0.0 through v4.3.1 (with mDNS).

Impact

Exploitation of this vulnerability leads to a buffer overflow, allowing for out-of-bounds write, which can potentially be exploited to execute arbitrary code or cause a denial-of-service condition.

Remediation

Users are advised to upgrade to FreeRTOS-Plus-TCP version 4.3.2 and ensure that any forked or derivative code is also updated to include the latest fixes.

Added: Sep 1, 2025, 7:22 PM

Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread

6.2

impact

2.5

exploitability

7.4

remediation

7.7

relevance

0.2

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

6.2

impact

2.5

exploitability

7.4

remediation

7.7

relevance

0.2

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

FreeRTOS-Plus-TCP Buffer Overflow Vulnerability in LLMNR and mDNS Query Processing

Vulnerability

Impact

Remediation

Affected Products

Amazon FreeRTOS-Plus-TCP

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating