Vulnerability DatabaseCVE-2026-7423
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2026-7423
Published:April 29, 2026
Updated:May 18, 2026
Integer underflow in the ICMP and ICMPv6 echo reply handlers in FreeRTOS-Plus-TCP before V4.4.1 and V4.2.6 allows an adjacent network user to cause a denial of service (device crash) when outgoing ping support is enabled, because header sizes are subtracted from a packet length field without validating the field is large enough, resulting in a heap out-of-bounds read of up to approximately 65KB. To mitigate this issue, users should upgrade to the fixed version when available.
Affected Packages
https://github.com/FreeRTOS/FreeRTOS-Plus-TCP.git (GITHUB):
Affected version(s) >=V2.2.2 <V4.2.6
Fix Suggestion:
Update to version V4.2.6
https://github.com/FreeRTOS/FreeRTOS-Plus-TCP.git (GITHUB):
Affected version(s) =V4.4.0 <V4.4.1
Fix Suggestion:
Update to version V4.4.1
Related Resources (4)
https://github.com/FreeRTOS/FreeRTOS-Plus-TCP/releases/tag/V4.2.6
https://github.com/FreeRTOS/FreeRTOS-Plus-TCP/releases/tag/V4.4.1
https://aws.amazon.com/security/security-bulletins/2026-021-aws/
https://github.com/FreeRTOS/FreeRTOS-Plus-TCP/security/advisories/GHSA-7r59-2pgv-9v2r
Do you need more information?
Contact Us
CVSS v4
Base Score:
6
Attack Vector
ADJACENT
Attack Complexity
LOW
Attack Requirements
PRESENT
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
NONE
Vulnerable System Integrity
NONE
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
5.3
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH
Weakness Type (CWE)
Integer Underflow (Wrap or Wraparound)
CWE-191
EPSS
Base Score:
0.02