CVE-2018-16598

An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. In xProcessReceivedUDPPacket and prvParseDNSReply, any received DNS response is accepted, without confirming it matches a sent DNS request.
Configurations

Configuration 1

cpe:2.3:a:amazon:amazon_web_services_freertos:*:*:*:*:*:*:*:*
cpe:2.3:a:amazon:freertos:*:*:*:*:*:*:*:*

Information

Published : 2018-12-06 11:29

Updated : 2019-01-04 12:00


NVD link : CVE-2018-16598

Mitre link : CVE-2018-16598

Products Affected
No products.
CWE