CVE-2026-7424 - Integer Underflow in DHCPv6 Sub-Option Parser in FreeRTOS-Plus-TCP
Summary
FreeRTOS-Plus-TCP is an open-source, scalable TCP/IP stack for FreeRTOS. We identified CVE-2026-7424, where an integer underflow issue in the DHCPv6 sub-option parser could allow an adjacent network user to corrupt the device's IPv6 address assignment, DNS configuration, and lease times, and to cause a denial of service (IP task freeze requiring hardware reset).
Body
Bulletin ID: 2026-022-AWS
Scope: AWS
Content Type: Important (requires attention)
Publication Date: 2026/04/29 12:20 PM PDT

Description: FreeRTOS-Plus-TCP is an open-source, scalable TCP/IP stack for FreeRTOS. We identified CVE-2026-7424, where an integer underflow issue in the DHCPv6 sub-option parser could allow an adjacent network user to corrupt the device's IPv6 address assignment, DNS configuration, and lease times, and to cause a denial of service (IP task freeze requiring hardware reset).

Impacted versions: FreeRTOS-Plus-TCP >=V4.0.0 AND <=V4.2.5, >=V4.3.0 AND <= V4.4.0

Please refer to the article below for the most up-to-date and complete information related to this AWS Security Bulletin.
Tags
- bulletin:2026-022-aws
- severity:important-requires-attention
- vendor:aws
Extended fields
{
"author": "[email protected]",
"bulletin_id": "2026-022-AWS",
"content_type": "Important (requires attention)",
"details": {
"Bulletin ID": "2026-022-AWS",
"Content Type": "Important (requires attention)",
"Impacted versions": "FreeRTOS-Plus-TCP >=V4.0.0 AND <=V4.2.5, >=V4.3.0 AND <= V4.4.0",
"Publication Date": "2026/04/29 12:20 PM PDT",
"Scope": "AWS"
},
"publication_detail": "2026/04/29 12:20 PM PDT",
"scope": "AWS"
}