CVE-2026-7423: CWE-191: Integer Underflow (Wrap or Wraparound) in AWS FreeRTOS-Plus-TCP
Integer underflow in the ICMP and ICMPv6 echo reply handlers in FreeRTOS-Plus-TCP before V4.4.1 and V4.2.6 allows an adjacent network user to cause a denial of service (device crash) when outgoing ping support is enabled, because header sizes are subtracted from a packet length field without validating the field is large enough, resulting in a heap out-of-bounds read of up to approximately 65KB. To mitigate this issue, users should upgrade to the fixed version when available.
AI Analysis
Technical Summary
The vulnerability is an integer underflow (CWE-191) in FreeRTOS-Plus-TCP's ICMP and ICMPv6 echo reply handlers prior to versions 4.4.1 and 4.2.6. The issue arises because the code subtracts header sizes from a packet length field without validating that the length is large enough, resulting in a heap out-of-bounds read of about 65KB. This can be triggered by an adjacent network attacker causing a denial of service (device crash) when outgoing ping support is enabled. The vulnerability has a CVSS 3.1 base score of 5.3 (medium severity) with attack vector adjacent network, high attack complexity, no privileges required, no user interaction, and impacts availability only. AWS manages remediation for this cloud-hosted service and has released fixed versions to mitigate the issue.
Potential Impact
Successful exploitation leads to a denial of service condition by crashing the affected device due to a heap out-of-bounds read caused by integer underflow. There is no impact on confidentiality or integrity. The attack requires adjacency on the network and has high complexity, limiting exploitability. No known exploits are reported in the wild.
Mitigation Recommendations
A patch is available from AWS in FreeRTOS-Plus-TCP versions 4.4.1 and 4.2.6. Users should upgrade to these fixed versions to remediate the vulnerability. Since this is a cloud service managed by AWS, the vendor handles remediation for the cloud-hosted components. Refer to the AWS security bulletin at https://aws.amazon.com/security/security-bulletins/2026-021-aws/ for official guidance and updates.
CVE-2026-7423: CWE-191: Integer Underflow (Wrap or Wraparound) in AWS FreeRTOS-Plus-TCP
Description
Integer underflow in the ICMP and ICMPv6 echo reply handlers in FreeRTOS-Plus-TCP before V4.4.1 and V4.2.6 allows an adjacent network user to cause a denial of service (device crash) when outgoing ping support is enabled, because header sizes are subtracted from a packet length field without validating the field is large enough, resulting in a heap out-of-bounds read of up to approximately 65KB. To mitigate this issue, users should upgrade to the fixed version when available.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability is an integer underflow (CWE-191) in FreeRTOS-Plus-TCP's ICMP and ICMPv6 echo reply handlers prior to versions 4.4.1 and 4.2.6. The issue arises because the code subtracts header sizes from a packet length field without validating that the length is large enough, resulting in a heap out-of-bounds read of about 65KB. This can be triggered by an adjacent network attacker causing a denial of service (device crash) when outgoing ping support is enabled. The vulnerability has a CVSS 3.1 base score of 5.3 (medium severity) with attack vector adjacent network, high attack complexity, no privileges required, no user interaction, and impacts availability only. AWS manages remediation for this cloud-hosted service and has released fixed versions to mitigate the issue.
Potential Impact
Successful exploitation leads to a denial of service condition by crashing the affected device due to a heap out-of-bounds read caused by integer underflow. There is no impact on confidentiality or integrity. The attack requires adjacency on the network and has high complexity, limiting exploitability. No known exploits are reported in the wild.
Mitigation Recommendations
A patch is available from AWS in FreeRTOS-Plus-TCP versions 4.4.1 and 4.2.6. Users should upgrade to these fixed versions to remediate the vulnerability. Since this is a cloud service managed by AWS, the vendor handles remediation for the cloud-hosted components. Refer to the AWS security bulletin at https://aws.amazon.com/security/security-bulletins/2026-021-aws/ for official guidance and updates.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- AMZN
- Date Reserved
- 2026-04-29T14:27:49.474Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
- Is Cloud Service
- true
- Vendor Advisory Urls
- [{"url":"https://aws.amazon.com/security/security-bulletins/2026-021-aws/","vendor":"AWS"}]
Threat ID: 69f256b0cbff5d86103eb48a
Added to database: 4/29/2026, 7:06:24 PM
Last enriched: 4/29/2026, 7:21:42 PM
Last updated: 4/29/2026, 8:09:54 PM
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.