Vulnerability Description
Integer underflow in the ICMP and ICMPv6 echo reply handlers in FreeRTOS-Plus-TCP before V4.4.1 and V4.2.6 allows an adjacent network user to cause a denial of service (device crash) when outgoing ping support is enabled, because header sizes are subtracted from a packet length field without validating the field is large enough, resulting in a heap out-of-bounds read of up to approximately 65KB. To mitigate this issue, users should upgrade to the fixed version when available.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Amazon | Freertos-Plus-Tcp | >= 4.0.0, < 4.2.6 |
Related Weaknesses (CWE)
References
- https://aws.amazon.com/security/security-bulletins/2026-021-aws/Vendor Advisory
- https://github.com/FreeRTOS/FreeRTOS-Plus-TCP/releases/tag/V4.2.6Release Notes
- https://github.com/FreeRTOS/FreeRTOS-Plus-TCP/releases/tag/V4.4.1Release Notes
- https://github.com/FreeRTOS/FreeRTOS-Plus-TCP/security/advisories/GHSA-7r59-2pgvVendor AdvisoryPatch
FAQ
What is CVE-2026-7423?
CVE-2026-7423 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Integer underflow in the ICMP and ICMPv6 echo reply handlers in FreeRTOS-Plus-TCP before V4.4.1 and V4.2.6 allows an adjacent network user to cause a denial of service (device crash) when outgoing pin...
How severe is CVE-2026-7423?
CVE-2026-7423 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-7423?
Check the references section above for vendor advisories and patch information. Affected products include: Amazon Freertos-Plus-Tcp.