FreeRTOS-Plus-TCP
cpe:2.3:a:amazon:freertos-plus-tcp:*:*:*:*:*:*:*
- >= V4.0.0, <= V4.2.5
- >= V4.3.0, <= V4.4.0
A denial-of-service vulnerability has been identified in FreeRTOS-Plus-TCP versions 4.0.0 through 4.2.5 and 4.3.0 through 4.4.0. The issue arises from insufficient validation of option lengths in the IPv6 Router Advertisement parser. This flaw allows an adjacent network actor to send a crafted Router Advertisement with a truncated PREFIX_INFORMATION option, causing a device crash.
Exploitation of this vulnerability leads to a device crash, causing a denial-of-service condition.
Users are advised to upgrade to FreeRTOS-Plus-TCP versions 4.2.6 or 4.4.1. If an immediate upgrade is not possible, consider implementing network-level filtering to block untrusted Router Advertisement packets or deploying devices on isolated network segments where rogue Router Advertisement packets cannot be injected.
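The kind of option-length validation whose absence is described above, shown as an added example; it is not FreeRTOS-Plus-TCP code and not the project's fix. The option layout follows RFC 4861; `ra_find_prefix`, `ra_prefix_t` and `rd_be32` are hypothetical names for this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ND_OPT_PREFIX_INFORMATION 3u  /* option type, RFC 4861 section 4.6.2 */
#define ND_PREFIX_INFO_BYTES 32u      /* Length field 4, in units of 8 octets */

/* Hypothetical result type for this example. */
typedef struct {
    uint8_t  prefix_len;
    uint8_t  flags;
    uint32_t valid_lifetime;
    uint32_t preferred_lifetime;
    uint8_t  prefix[16];
} ra_prefix_t;

static uint32_t rd_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Walks the options area that follows the fixed RA header.
 * Returns 1 if a Prefix Information option was copied to *out, 0 if none is
 * present, -1 if any option is malformed (the caller drops the whole packet
 * and must not use *out). */
int ra_find_prefix(const uint8_t *opts, size_t opts_len, ra_prefix_t *out)
{
    size_t off = 0;
    int found = 0;

    while (off < opts_len) {
        if (opts_len - off < 2u) return -1;        /* no room for type + length */
        const uint8_t *o = opts + off;
        size_t len = (size_t)o[1] * 8u;            /* declared size in bytes */
        if (len == 0u) return -1;                  /* RFC 4861: zero length is invalid */
        if (len > opts_len - off) return -1;       /* option runs past received data */
        if (o[0] == ND_OPT_PREFIX_INFORMATION) {
            if (len < ND_PREFIX_INFO_BYTES) return -1;  /* truncated option */
            if (o[2] > 128u) return -1;                 /* impossible prefix length */
            if (!found) {                               /* keep the first prefix only */
                out->prefix_len = o[2];
                out->flags = o[3];
                out->valid_lifetime = rd_be32(o + 4);
                out->preferred_lifetime = rd_be32(o + 8);
                memcpy(out->prefix, o + 16, sizeof out->prefix);
                found = 1;
            }
        }
        off += len;
    }
    return found;
}
```

Every field read happens only after the declared option length has been checked against both the bytes actually received and the fixed size of the option type, so a truncated option is rejected instead of being read past its end.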