CVE-2025-11618
Severity: MEDIUM
Amazon FreeRTOS-Plus-TCP < 4.3.4 - NULL Pointer Dereference
A missing validation check in FreeRTOS-Plus-TCP's UDP/IPv6 packet processing code can lead to an invalid pointer dereference when receiving a UDP/IPv6 packet with an incorrect IP version field in the packet header. This issue only affects applications using IPv6. We recommend upgrading to the latest version and ensuring that any forked or derivative code is patched to incorporate the new fixes.
Scores
CVSS v3: 4.3
EPSS: 0.0004
EPSS Percentile: 11.8%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Classification
CWE: CWE-476
Status: published
Affected Products (1)
amazon/freertos-plus-tcp: < 4.3.4
Timeline
Published: Oct 10, 2025
Tracked Since: Feb 18, 2026