Overview
FreeRTOS has released an update to address a vulnerability in their products. Users of affected versions are advised to update to the latest version.
Affected Products
CVE-2024-38373
- FreeRTOS-Plus-TCP versions: 4.0.0, 4.1.0
Resolved Vulnerabilities
Buffer over-read issue in the DNS response parser when parsing domain names in DNS responses originating from FreeRTOS-Plus-TCP (CVE-2024-38373)
Vulnerability Patches
Patches for the vulnerability are available in the latest update. Follow the instructions on the Referenced Sites to update to the patched version.
CVE-2024-38373
- FreeRTOS-Plus-TCP version: 4.1.1 or later
Referenced Sites
[1] CVE-2024-38373 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-38373
[2] Buffer Over-Read (CWE-126) in DNS Response Parser
https://github.com/FreeRTOS/FreeRTOS-Plus-TCP/security/advisories/GHSA-ppcp-rg65-58mv
Article Link: FreeRTOS Product Security Update Advisory (CVE-2024-38373) – ASEC