Description
Real Time Engineers FreeRTOS+FAT 160919a has a use after free. The function FF_Close() is defined in ff_file.c. The file handler pxFile is freed by ffconfigFREE, which (by default) is a macro definition of vPortFree(), but it is reused to flush modified file content from the cache to disk by the function FF_FlushCache().
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://sourceforge.net/p/freertos/bugs/199/
Scores
CVSS v3
7.5
EPSS
0.0028
EPSS Percentile
51.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-416
Status
published
Products (1)
amazon/freertos\+fat
160919a
Published
Nov 04, 2019
Tracked Since
Feb 18, 2026