FreeRTOS Product Security Update Advisory (CVE-2024-38373)

Overview

 

FreeRTOS has released an update to address a vulnerability in its products. Users of affected versions are advised to update to the latest version.

 

Affected Products

 

CVE-2024-38373

  • FreeRTOS-Plus-TCP versions: 4.0.0, 4.1.0

 

 

Resolved Vulnerabilities

 

Buffer over-read in the FreeRTOS-Plus-TCP DNS response parser when parsing domain names in DNS responses (CVE-2024-38373)
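
As an added illustration of this bug class (CWE-126), not code from FreeRTOS-Plus-TCP or from the advisory: a bounds-checked walker for an encoded DNS name that rejects labels and compression pointers whose claimed length exceeds the data actually received. The function name `dns_skip_name` and the sample byte strings are assumptions constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper, not a FreeRTOS-Plus-TCP function: walk one encoded DNS
 * name starting at buf[off]. Returns the offset of the first byte after the
 * name, or 0 if the name is malformed or would run past the len bytes received. */
size_t dns_skip_name(const uint8_t *buf, size_t len, size_t off)
{
    while (off < len) {
        uint8_t c = buf[off];
        if (c == 0)                      /* root label terminates the name */
            return off + 1;
        if ((c & 0xC0) == 0xC0)          /* compression pointer is 2 bytes */
            return (len - off >= 2) ? off + 2 : 0;
        if ((c & 0xC0) != 0)             /* 0x40 and 0x80 prefixes are reserved */
            return 0;
        /* Ordinary label of c bytes (1..63): compare the claimed length with
         * what is left in the buffer before advancing past it. */
        if ((size_t)c > len - off - 1)
            return 0;
        off += (size_t)c + 1;
    }
    return 0;                            /* data ended before a terminator */
}

/* Constructed sample inputs (not captured traffic). */
static const uint8_t ok_name[]   = { 3,'w','w','w', 7,'e','x','a','m','p','l','e', 3,'c','o','m', 0 };
static const uint8_t truncated[] = { 3,'w','w','w', 7,'e','x','a' };  /* claims 7, has 3 */
static const uint8_t no_term[]   = { 3,'w','w','w' };                 /* no root label */
static const uint8_t half_ptr[]  = { 3,'w','w','w', 0xC0 };           /* pointer cut short */

int main(void)
{
    printf("ok_name   -> %zu\n", dns_skip_name(ok_name, sizeof ok_name, 0));
    printf("truncated -> %zu\n", dns_skip_name(truncated, sizeof truncated, 0));
    printf("no_term   -> %zu\n", dns_skip_name(no_term, sizeof no_term, 0));
    printf("half_ptr  -> %zu\n", dns_skip_name(half_ptr, sizeof half_ptr, 0));
    return 0;
}
```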

 

Vulnerability Patches

 

Patches for this vulnerability are available in the latest update. Follow the instructions on the Referenced Sites to update to the patched version.

 

CVE-2024-38373

  • FreeRTOS-Plus-TCP version: 4.1.1 or later

 

 

Referenced Sites

[1] CVE-2024-38373 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-38373

[2] Buffer Over-Read (CWE-126) in DNS Response Parser

https://github.com/FreeRTOS/FreeRTOS-Plus-TCP/security/advisories/GHSA-ppcp-rg65-58mv

Article Link: FreeRTOS Product Security Update Advisory (CVE-2024-38373) – ASEC