CVE-2026-7424: CWE-191: Integer Underflow (Wrap or Wraparound) in AWS FreeRTOS-Plus-TCP
Integer underflow in the DHCPv6 sub-option parser in FreeRTOS-Plus-TCP before V4.4.1 and V4.2.6 allows an adjacent network actor to corrupt the device's IPv6 address assignment, DNS configuration, and lease times, and to cause a denial of service (permanent IP task freeze requiring hardware reset) by sending a single crafted DHCPv6 packet. The issue is present whenever DHCPv6 is enabled. To mitigate this issue, users should upgrade to version V4.2.6 or V4.4.1 or newer.
AI Analysis
Technical Summary
An integer underflow (CWE-191) exists in the DHCPv6 sub-option parser of Amazon FreeRTOS-Plus-TCP prior to versions 4.4.1 and 4.2.6. Exploitation by an adjacent network actor sending a crafted DHCPv6 packet can corrupt device IPv6 address assignment, DNS settings, and lease times, and cause a denial of service by permanently freezing the IP task, necessitating a hardware reset. The vulnerability affects devices with DHCPv6 enabled. The vendor advisory recommends upgrading to fixed versions 4.2.6 or 4.4.1 or later.
Potential Impact
The vulnerability allows an adjacent network attacker to disrupt IPv6 network configuration on affected devices, leading to corrupted IP address assignment, DNS configuration, and lease times. It also enables denial of service by causing the IP task to freeze permanently, requiring a hardware reset to recover. There is no indication of confidentiality impact. The CVSS 3.1 base score is 8.1 (High), reflecting high impact on integrity and availability with low attack complexity and no required privileges or user interaction.
Mitigation Recommendations
Users should upgrade Amazon FreeRTOS-Plus-TCP to version 4.2.6, 4.4.1, or newer as recommended by the AWS security advisory (https://aws.amazon.com/security/security-bulletins/2026-022-aws/). This is the official fix addressing the integer underflow vulnerability. No other mitigations are indicated or required once the upgrade is applied.
CVE-2026-7424: CWE-191: Integer Underflow (Wrap or Wraparound) in AWS FreeRTOS-Plus-TCP
Description
Integer underflow in the DHCPv6 sub-option parser in FreeRTOS-Plus-TCP before V4.4.1 and V4.2.6 allows an adjacent network actor to corrupt the device's IPv6 address assignment, DNS configuration, and lease times, and to cause a denial of service (permanent IP task freeze requiring hardware reset) by sending a single crafted DHCPv6 packet. The issue is present whenever DHCPv6 is enabled. To mitigate this issue, users should upgrade to version V4.2.6 or V4.4.1 or newer.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
An integer underflow (CWE-191) exists in the DHCPv6 sub-option parser of Amazon FreeRTOS-Plus-TCP prior to versions 4.4.1 and 4.2.6. Exploitation by an adjacent network actor sending a crafted DHCPv6 packet can corrupt device IPv6 address assignment, DNS settings, and lease times, and cause a denial of service by permanently freezing the IP task, necessitating a hardware reset. The vulnerability affects devices with DHCPv6 enabled. The vendor advisory recommends upgrading to fixed versions 4.2.6 or 4.4.1 or later.
Potential Impact
The vulnerability allows an adjacent network attacker to disrupt IPv6 network configuration on affected devices, leading to corrupted IP address assignment, DNS configuration, and lease times. It also enables denial of service by causing the IP task to freeze permanently, requiring a hardware reset to recover. There is no indication of confidentiality impact. The CVSS 3.1 base score is 8.1 (High), reflecting high impact on integrity and availability with low attack complexity and no required privileges or user interaction.
Mitigation Recommendations
Users should upgrade Amazon FreeRTOS-Plus-TCP to version 4.2.6, 4.4.1, or newer as recommended by the AWS security advisory (https://aws.amazon.com/security/security-bulletins/2026-022-aws/). This is the official fix addressing the integer underflow vulnerability. No other mitigations are indicated or required once the upgrade is applied.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- AMZN
- Date Reserved
- 2026-04-29T14:27:50.756Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
- Vendor Advisory Urls
- [{"url":"https://aws.amazon.com/security/security-bulletins/2026-022-aws/","vendor":"AWS"}]
- Is Cloud Service
- true
Threat ID: 69f256b0cbff5d86103eb491
Added to database: 4/29/2026, 7:06:24 PM
Last enriched: 4/29/2026, 7:21:28 PM
Last updated: 4/29/2026, 8:09:54 PM
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.