CVE Vulnerability

CVE-2019-18178

Real Time Engineers FreeRTOS+FAT 160919a has a use after free. The function FF_Close() is defined in ff_file.c. The file handler pxFile is freed by ffconfigFREE, which (by default) is a macro definition of vPortFree(), but it is reused to flush modified file content from the cache to disk by the function FF_FlushCache().

5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

7.5 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://sourceforge.net/p/freertos/bugs/199/ Exploit Third Party Advisory
Configurations

Configuration 1

cpe:2.3:o:amazon:freertos+fat:160919a:*:*:*:*:*:*:*
Information

Published : 2019-11-04 08:15

Updated : 2019-11-09 09:41

NVD link : CVE-2019-18178

Mitre link : CVE-2019-18178

Products Affected
No products.
CWE
CWE-416