CVE-2026-7425: CWE-125: Out-of-bounds Read in AWS FreeRTOS-Plus-TCP
Insufficient option length validation in the IPv6 Router Advertisement parser in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 allows an adjacent network actor to cause a denial of service (device crash) by sending a crafted Router Advertisement with a truncated PREFIX_INFORMATION option that is smaller than the expected structure size. To mitigate this issue, users should upgrade to the fixed version when available.
AI Analysis
Technical Summary
This vulnerability arises from insufficient validation of option length in the IPv6 Router Advertisement parser within FreeRTOS-Plus-TCP prior to versions 4.2.6 and 4.4.1. Specifically, a truncated PREFIX_INFORMATION option smaller than the expected structure size can trigger an out-of-bounds read, leading to a device crash (denial of service). The flaw affects versions 4.0.0 and 4.3.0. AWS provides a vendor advisory and manages remediation for this cloud-hosted service. The CVSS 3.1 vector indicates the attack requires adjacent network access, no privileges or user interaction, and impacts availability only.
Potential Impact
Successful exploitation results in a denial of service condition due to device crash caused by an out-of-bounds read in the IPv6 Router Advertisement parser. There is no impact on confidentiality or integrity. The attack requires an adjacent network attacker to send a specially crafted Router Advertisement packet.
Mitigation Recommendations
A patch is available in FreeRTOS-Plus-TCP versions 4.2.6 and 4.4.1. Users should upgrade to these fixed versions to mitigate the vulnerability. Since this is a cloud-hosted service managed by AWS, remediation is typically handled by the vendor. Refer to the AWS security bulletin at https://aws.amazon.com/security/security-bulletins/2026-023-aws/ for official guidance and patch availability.
CVE-2026-7425: CWE-125: Out-of-bounds Read in AWS FreeRTOS-Plus-TCP
Description
Insufficient option length validation in the IPv6 Router Advertisement parser in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 allows an adjacent network actor to cause a denial of service (device crash) by sending a crafted Router Advertisement with a truncated PREFIX_INFORMATION option that is smaller than the expected structure size. To mitigate this issue, users should upgrade to the fixed version when available.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability arises from insufficient validation of option length in the IPv6 Router Advertisement parser within FreeRTOS-Plus-TCP prior to versions 4.2.6 and 4.4.1. Specifically, a truncated PREFIX_INFORMATION option smaller than the expected structure size can trigger an out-of-bounds read, leading to a device crash (denial of service). The flaw affects versions 4.0.0 and 4.3.0. AWS provides a vendor advisory and manages remediation for this cloud-hosted service. The CVSS 3.1 vector indicates the attack requires adjacent network access, no privileges or user interaction, and impacts availability only.
Potential Impact
Successful exploitation results in a denial of service condition due to device crash caused by an out-of-bounds read in the IPv6 Router Advertisement parser. There is no impact on confidentiality or integrity. The attack requires an adjacent network attacker to send a specially crafted Router Advertisement packet.
Mitigation Recommendations
A patch is available in FreeRTOS-Plus-TCP versions 4.2.6 and 4.4.1. Users should upgrade to these fixed versions to mitigate the vulnerability. Since this is a cloud-hosted service managed by AWS, remediation is typically handled by the vendor. Refer to the AWS security bulletin at https://aws.amazon.com/security/security-bulletins/2026-023-aws/ for official guidance and patch availability.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- AMZN
- Date Reserved
- 2026-04-29T14:27:51.904Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
- Is Cloud Service
- true
- Vendor Advisory Urls
- [{"url":"https://aws.amazon.com/security/security-bulletins/2026-023-aws/","vendor":"AWS"}]
Threat ID: 69f25db7cbff5d861043482f
Added to database: 4/29/2026, 7:36:23 PM
Last enriched: 4/29/2026, 7:51:33 PM
Last updated: 4/29/2026, 8:45:16 PM
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.