FreeRTOS-Plus-TCP
cpe:2.3:a:amazon:freertos-plus-tcp:*:*:*:*:*:*:*
- >= V4.0.0, <= V4.2.5
- >= V4.3.0, <= V4.4.0
A vulnerability in FreeRTOS-Plus-TCP versions 4.0.0 through 4.2.5 and 4.3.0 through 4.4.0 allows an adjacent network device to bypass checksum and minimum-size validation in IPv4 and IPv6 packet processing. This is achieved by spoofing the Ethernet source MAC address to match one of the device's registered endpoints. The TCP stack's loopback detection mechanism then skips the usual input validation, potentially leading to improper packet handling.
Exploiting this vulnerability bypasses essential packet validation checks, which could be used to manipulate how the TCP/IP stack processes packets.
Users are advised to upgrade to FreeRTOS-Plus-TCP versions 4.2.6 or 4.4.1, and to patch any forked or derivative code to incorporate these fixes.
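The principle behind the issue is that a source MAC address is sender-controlled and should not decide whether a frame from the wire gets validated. The following is an added illustration, not FreeRTOS-Plus-TCP code and not the project's fix. It is narrowed to IPv4, and all function names, the `SRC_IS_OWN_MAC` flag and the sample frame are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum { FRAME_OK, FRAME_TOO_SHORT, FRAME_BAD_CHECKSUM, FRAME_NOT_IPV4,
       SRC_IS_OWN_MAC = 0x10 };  /* flag OR-ed into the verdict */

/* RFC 1071 checksum over n bytes (n even); a valid header yields 0. */
static uint16_t ipv4_header_sum(const uint8_t *h, size_t n)
{
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < n; i += 2)
        sum += ((uint32_t)h[i] << 8) | h[i + 1];
    while (sum >> 16)
        sum = (sum & 0xFFFFu) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Validate a frame received from the wire. A source MAC equal to our own
 * endpoint MAC is reported to the caller but never relaxes any check. */
int validate_rx_frame(const uint8_t *f, size_t len, const uint8_t mac[6])
{
    int own = (len >= 12 && memcmp(f + 6, mac, 6) == 0) ? SRC_IS_OWN_MAC : 0;
    if (len < 14 + 20) return FRAME_TOO_SHORT | own;      /* Ethernet + IPv4 */
    if (f[12] != 0x08 || f[13] != 0x00) return FRAME_NOT_IPV4 | own;
    size_t ihl = (size_t)(f[14] & 0x0F) * 4;              /* header length */
    if ((f[14] >> 4) != 4 || ihl < 20 || 14 + ihl > len)
        return FRAME_TOO_SHORT | own;
    if (ipv4_header_sum(f + 14, ihl) != 0) return FRAME_BAD_CHECKSUM | own;
    return FRAME_OK | own;
}

/* Constructed sample: endpoint MAC and a 34-byte Ethernet + IPv4 frame. */
static const uint8_t ENDPOINT_MAC[6] = {0x02, 0x00, 0x00, 0xAA, 0xBB, 0xCC};
int check_sample(int src_is_endpoint, int corrupt_checksum, size_t len)
{
    uint8_t f[34] = {0};
    const uint8_t ip[20] = {0x45,0,0,20, 0,0,0,0, 64,17,0,0, 192,0,2,1, 192,0,2,2};
    memcpy(f, ENDPOINT_MAC, 6);                 /* destination: the device */
    memcpy(f + 6, ENDPOINT_MAC, 6);             /* source: same MAC ...    */
    if (!src_is_endpoint) f[11] ^= 0x01;        /* ... or a different one  */
    f[12] = 0x08;                               /* EtherType 0x0800 */
    memcpy(f + 14, ip, 20);
    uint16_t c = ipv4_header_sum(f + 14, 20);   /* checksum field was zero */
    f[24] = (uint8_t)(c >> 8); f[25] = (uint8_t)(corrupt_checksum ? ~c : c);
    return validate_rx_frame(f, len, ENDPOINT_MAC);
}

int main(void) { return check_sample(1, 1, 34) == (FRAME_BAD_CHECKSUM | SRC_IS_OWN_MAC) ? 0 : 1; }
```

A frame that arrives from the network with `SRC_IS_OWN_MAC` set is also worth logging, since it carries a source MAC the device itself owns.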