CVE-2018-16523

HIGH

Amazon Web Services Freertos < 1.3.1 - Divide By Zero

Title source: rule

Description

Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow division by zero in prvCheckOptions.

References (3)

[Exploit, Third Party Advisory] https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-details/

[Third Party Advisory] https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-range-devices-risk-compromise-smart-homes-critical-infrastructure-systems/

[Release Notes, Third Party Advisory] https://github.com/aws/amazon-freertos/blob/v1.3.2/CHANGELOG.md

View Writeup ZIP pw:eip

Scores

CVSS v3 7.4

EPSS 0.0059

EPSS Percentile 68.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

Classification

CWE

CWE-369

Status published

Affected Products (2)

amazon/amazon_web_services_freertos < 1.3.1

amazon/freertos < 10.0.1

Timeline

Published Dec 06, 2018

Tracked Since Feb 18, 2026