Ori Karliner

9 exploits Active since Dec 2018
CVE-2018-16522 WRITEUP HIGH WRITEUP
Amazon Web Services (AWS) FreeRTOS <1.3.1 - Memory Corruption
Amazon Web Services (AWS) FreeRTOS through 1.3.1 has an uninitialized pointer free in SOCKETS_SetSockOpt.
CVSS 8.1
CVE-2018-16523 WRITEUP HIGH WRITEUP
Amazon Web Services Freertos < 1.3.1 - Divide By Zero
Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow division by zero in prvCheckOptions.
CVSS 7.4
CVE-2018-16527 WRITEUP MEDIUM WRITEUP
Amazon Web Services Freertos < 1.3.1 - Information Disclosure
Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow information disclosure during parsing of ICMP packets in prvProcessICMPPacket.
CVSS 5.9
CVE-2018-16528 WRITEUP HIGH WRITEUP
Amazon Web Services Freertos < 1.3.1 - Improper Input Validation
Amazon Web Services (AWS) FreeRTOS through 1.3.1 allows remote attackers to execute arbitrary code because of mbedTLS context object corruption in prvSetupConnection and GGD_SecureConnect_Connect in AWS TLS connectivity modules.
CVSS 8.1
CVE-2018-16598 WRITEUP MEDIUM WRITEUP
AWS FreeRTOS <10.0.1 - Info Disclosure
An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. In xProcessReceivedUDPPacket and prvParseDNSReply, any received DNS response is accepted, without confirming it matches a sent DNS request.
CVSS 5.9
CVE-2018-16599 WRITEUP MEDIUM WRITEUP
Amazon Web Services Freertos < 1.3.1 - Information Disclosure
An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds memory access during parsing of NBNS packets in prvTreatNBNS can be used for information disclosure.
CVSS 5.9
CVE-2018-16601 WRITEUP HIGH WRITEUP
Amazon Web Services Freertos < 1.3.1 - Integer Underflow
An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. A crafted IP header triggers a full memory space copy in prvProcessIPPacket, leading to denial of service and possibly remote code execution.
CVSS 8.1
CVE-2018-16602 WRITEUP MEDIUM WRITEUP
Amazon Web Services Freertos < 1.3.1 - Information Disclosure
An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds memory access during parsing of DHCP responses in prvProcessDHCPReplies can be used for information disclosure.
CVSS 5.9
CVE-2018-16603 WRITEUP MEDIUM WRITEUP
Amazon Web Services Freertos < 1.3.1 - Information Disclosure
An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds access to TCP source and destination port fields in xProcessReceivedTCPPacket can leak data back to an attacker.
CVSS 5.9