FreeRTOS-Plus-TCP IPv6 Router Advertisement Memory Corruption Vulnerability

A heap buffer overflow vulnerability has been identified in FreeRTOS-Plus-TCP versions 4.0.0 through 4.2.5 and 4.3.0 through 4.4.0. The issue arises from insufficient validation of the prefix length field in IPv6 Router Advertisement processing. An adjacent network actor can exploit this vulnerability by sending a crafted Router Advertisement with an excessively large prefix length, leading to memory corruption. This vulnerability does not affect users who only process IPv4 Router Advertisements.

Impact

Exploitation of this vulnerability causes memory corruption due to a heap buffer overflow, which can potentially be exploited to execute arbitrary code or cause a denial-of-service condition.

Remediation

Users are advised to upgrade to FreeRTOS-Plus-TCP versions 4.2.6 or 4.4.1. If an immediate upgrade is not possible, consider implementing network-level filtering to block untrusted Router Advertisement packets or deploying devices on isolated network segments where rogue Router Advertisement packets cannot be injected.