cvelistv5 - CVE-2018-16602

CVE-2018-16602 (GCVE-0-2018-16602)

Vulnerability from cvelistv5

Published

2018-12-06 23:00

Modified

2024-08-05 10:32

Severity ?

CWE

Summary

An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds memory access during parsing of DHCP responses in prvProcessDHCPReplies can be used for information disclosure.

References

URL

	Vendor	Product	Version
	n/a	n/a	Version: n/a

gsd-2018-16602

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2018-16602

Aliases

CVE-2018-16602

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-16602",
    "description": "An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds memory access during parsing of DHCP responses in prvProcessDHCPReplies can be used for information disclosure.",
    "id": "GSD-2018-16602"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-16602"
      ],
      "details": "An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds memory access during parsing of DHCP responses in prvProcessDHCPReplies can be used for information disclosure.",
      "id": "GSD-2018-16602",
      "modified": "2023-12-13T01:22:25.824297Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2018-16602",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds memory access during parsing of DHCP responses in prvProcessDHCPReplies can be used for information disclosure."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/aws/amazon-freertos/blob/v1.3.2/CHANGELOG.md",
            "refsource": "CONFIRM",
            "url": "https://github.com/aws/amazon-freertos/blob/v1.3.2/CHANGELOG.md"
          },
          {
            "name": "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-details/",
            "refsource": "MISC",
            "url": "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-details/"
          },
          {
            "name": "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-range-devices-risk-compromise-smart-homes-critical-infrastructure-systems/",
            "refsource": "MISC",
            "url": "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-range-devices-risk-compromise-smart-homes-critical-infrastructure-systems/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:amazon:freertos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.0.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:amazon:amazon_web_services_freertos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.3.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-16602"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds memory access during parsing of DHCP responses in prvProcessDHCPReplies can be used for information disclosure."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/aws/amazon-freertos/blob/v1.3.2/CHANGELOG.md",
              "refsource": "CONFIRM",
              "tags": [
                "Release Notes",
                "Third Party Advisory"
              ],
              "url": "https://github.com/aws/amazon-freertos/blob/v1.3.2/CHANGELOG.md"
            },
            {
              "name": "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-range-devices-risk-compromise-smart-homes-critical-infrastructure-systems/",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-range-devices-risk-compromise-smart-homes-critical-infrastructure-systems/"
            },
            {
              "name": "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-details/",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-details/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.2,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2019-01-03T23:59Z",
      "publishedDate": "2018-12-06T23:29Z"
    }
  }
}

fkie_cve-2018-16602

Vulnerability from fkie_nvd

Published

2018-12-06 23:29

Modified

2024-11-21 03:53

Severity ?

5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
cve@mitre.org	https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-details/	Exploit, Third Party Advisory
cve@mitre.org	https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-range-devices-risk-compromise-smart-homes-critical-infrastructure-systems/	Third Party Advisory
cve@mitre.org	https://github.com/aws/amazon-freertos/blob/v1.3.2/CHANGELOG.md	Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-details/	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-range-devices-risk-compromise-smart-homes-critical-infrastructure-systems/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/aws/amazon-freertos/blob/v1.3.2/CHANGELOG.md	Release Notes, Third Party Advisory

Impacted products

	Vendor	Product	Version
	amazon	amazon_web_services_freertos	*
	amazon	freertos	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:amazon:amazon_web_services_freertos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EADBC4B-05C5-4588-B0D8-DDAF318DFEB1",
              "versionEndIncluding": "1.3.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:amazon:freertos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A645BC4-5A25-47D4-BBA3-BA199C48FE3C",
              "versionEndIncluding": "10.0.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds memory access during parsing of DHCP responses in prvProcessDHCPReplies can be used for information disclosure."
    },
    {
      "lang": "es",
      "value": "Se ha descubierto un problema en Amazon Web Services (AWS) FreeRTOS hasta la versi\u00f3n 1.3.1, FreeRTOS hasta V10.0.1 (con FreeRTOS+TCP) y el componente middleware TCP/IP WITTENSTEIN WHIS Connect. El acceso fuera de l\u00edmites a la memoria durante el an\u00e1lisis de respuestas DHCP en prvProcessDHCPReplies se puede emplear para divulgar informaci\u00f3n."
    }
  ],
  "id": "CVE-2018-16602",
  "lastModified": "2024-11-21T03:53:02.420",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-12-06T23:29:01.127",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-details/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-range-devices-risk-compromise-smart-homes-critical-infrastructure-systems/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://github.com/aws/amazon-freertos/blob/v1.3.2/CHANGELOG.md"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-details/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-range-devices-risk-compromise-smart-homes-critical-infrastructure-systems/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://github.com/aws/amazon-freertos/blob/v1.3.2/CHANGELOG.md"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

sca-2025-0003

Vulnerability from csaf_sick

Published

2025-02-28 00:00

Modified

2025-05-20 11:00

Summary

FreeRTOS Vulnerabilities have no impact on SICK Products

Notes

summary

FreeRTOS has several known vulnerabilities and is used in various SICK products. A current analysis confirms that the identified vulnerabilities in FreeRTOS do not affect the mentioned SICK products. At this time, there is no indication of any potential risks to these SICK products.

General Security Measures

As general security measures, SICK recommends to minimize network exposure of the devices, restrict network access and follow recommended security practices in order to run the devices in a protected IT environment.

Vulnerability Classification

SICK performs vulnerability classification by using the CVSS scoring system (*CVSS v3.1*). The environmental score is dependent on the customer’s environment and can affect the overall CVSS score. SICK recommends that customers individually evaluate the environmental score to achieve final scoring.

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "summary",
        "text": "FreeRTOS has several known vulnerabilities and is used in various SICK products. A current analysis confirms that the identified vulnerabilities in FreeRTOS do not affect the mentioned SICK products. At this time, there is no indication of any potential risks to these SICK products.",
        "title": "summary"
      },
      {
        "category": "general",
        "text": "As general security measures, SICK recommends to minimize network exposure of the devices, restrict network access and follow recommended security practices in order to run the devices in a protected IT environment.",
        "title": "General Security Measures"
      },
      {
        "category": "general",
        "text": "SICK performs vulnerability classification by using the CVSS scoring system (*CVSS v3.1*). The environmental score is dependent on the customer\u2019s environment and can affect the overall CVSS score. SICK recommends that customers individually evaluate the environmental score to achieve final scoring.",
        "title": "Vulnerability Classification"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@sick.de",
      "issuing_authority": "SICK AG issues and issues in EHS products (when related to the Endress+Hauser SICK (EHS) joint venture).",
      "name": "SICK PSIRT",
      "namespace": "https://www.sick.com/psirt"
    },
    "references": [
      {
        "summary": "SICK PSIRT Security Advisories",
        "url": "https://sick.com/psirt"
      },
      {
        "summary": "SICK Operating Guidelines",
        "url": "https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf"
      },
      {
        "summary": "ICS-CERT recommended practices on Industrial Security",
        "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
      },
      {
        "summary": "CVSS v3.1 Calculator",
        "url": "https://www.first.org/cvss/calculator/3.1"
      },
      {
        "category": "self",
        "summary": "The canonical URL.",
        "url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0003.json"
      }
    ],
    "title": "FreeRTOS Vulnerabilities have no impact on SICK Products",
    "tracking": {
      "current_release_date": "2025-05-20T11:00:00.000Z",
      "generator": {
        "date": "2025-05-13T08:12:25.055Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.25"
        }
      },
      "id": "SCA-2025-0003",
      "initial_release_date": "2025-02-28T00:00:00.000Z",
      "revision_history": [
        {
          "date": "2025-02-28T11:00:00.000Z",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2025-05-20T11:00:00.000Z",
          "number": "2",
          "summary": "Added two products: ANS58 and ANM58. Both have the product status \u0027Known Not Affected\u0027."
        },
        {
          "date": "2025-07-30T07:30:49.000Z",
          "number": "3",
          "summary": "Updated Advisory: URL for SICK Operating Guidelines has been updated"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:all/*",
                    "product": {
                      "name": "SICK deTem4 all versions",
                      "product_id": "CSAFPID-0001",
                      "product_identification_helper": {
                        "skus": [
                          "1128426",
                          "1128427",
                          "1128428",
                          "1128429",
                          "1128430",
                          "1128431",
                          "1128432",
                          "1128433",
                          "1128434",
                          "1128435",
                          "1128436",
                          "1128437",
                          "1128438",
                          "1128439",
                          "1128440"
                        ]
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "deTem4"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:all/*",
                    "product": {
                      "name": "SICK deTem4 A/P all versions",
                      "product_id": "CSAFPID-0002",
                      "product_identification_helper": {
                        "skus": [
                          "1101921",
                          "1102144",
                          "1102633",
                          "1102634",
                          "1102635",
                          "1102636",
                          "1103066",
                          "1103067"
                        ]
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "deTem4 A/P"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:all/*",
                    "product": {
                      "name": "SICK deTem4 LT Muting A/P  all versions",
                      "product_id": "CSAFPID-0003",
                      "product_identification_helper": {
                        "skus": [
                          "1110584",
                          "1108692",
                          "1108691"
                        ]
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "deTem4 LT Muting A/P "
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:all/*",
                    "product": {
                      "name": "SICK deTem4 Core A/P  all versions",
                      "product_id": "CSAFPID-0004",
                      "product_identification_helper": {
                        "skus": [
                          "1101921",
                          "1102144",
                          "1102644",
                          "1102645",
                          "1103066",
                          "1103067"
                        ]
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "deTem4 Core A/P "
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:all/*",
                    "product": {
                      "name": "SICK deTem2 Core A/P all versions",
                      "product_id": "CSAFPID-0005",
                      "product_identification_helper": {
                        "skus": [
                          "1101921",
                          "1102144",
                          "1102646",
                          "1102647",
                          "1103066",
                          "1103067"
                        ]
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "deTem2 Core A/P"
              }
            ],
            "category": "product_family",
            "name": "deTem"
          },
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:all/*",
                    "product": {
                      "name": "SICK deTec4 all versions",
                      "product_id": "CSAFPID-0006",
                      "product_identification_helper": {
                        "skus": [
                          "1116161",
                          "1116162",
                          "1116163",
                          "1116164",
                          "1116165",
                          "1116166",
                          "1116167",
                          "1220084",
                          "1220085",
                          "1220086",
                          "1220087",
                          "1220088",
                          "1220089",
                          "1220090",
                          "1220091",
                          "1220092",
                          "1220093",
                          "1220094",
                          "1220095",
                          "1220096",
                          "1220097",
                          "1220098",
                          "1220099",
                          "1220100",
                          "1220101",
                          "1220102",
                          "1220103",
                          "1220104",
                          "1220105",
                          "1220106",
                          "1220107",
                          "1220108",
                          "1220109",
                          "1220110",
                          "1220111",
                          "1220112",
                          "1220113",
                          "1220114",
                          "1220115",
                          "1220116",
                          "1220117",
                          "1220118",
                          "1220119",
                          "1220120",
                          "1220121",
                          "1220122",
                          "1220123",
                          "1220124",
                          "1220125",
                          "1220126",
                          "1220127",
                          "1220128",
                          "1220129",
                          "1220130",
                          "1220131",
                          "1220132",
                          "1220134",
                          "1220135",
                          "1220136",
                          "1220137",
                          "1220138",
                          "1220139",
                          "1220140",
                          "1220141",
                          "1220142",
                          "1220143",
                          "1220144",
                          "1220145",
                          "1220146",
                          "1220147",
                          "1220148",
                          "1220149",
                          "1220150",
                          "1220151",
                          "1220152",
                          "1220153",
                          "1220154",
                          "1220155",
                          "1220156",
                          "1220157",
                          "1220158",
                          "1220159",
                          "1220160",
                          "1220161",
                          "1220162",
                          "1220639",
                          "1220640",
                          "1220641",
                          "1220642",
                          "1220643",
                          "1220644",
                          "1220645",
                          "1220646",
                          "1220647",
                          "1220648",
                          "1220649",
                          "1220650",
                          "1220651"
                        ]
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "deTec4"
              }
            ],
            "category": "product_family",
            "name": "deTec4"
          },
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:all/*",
                    "product": {
                      "name": "SICK scanGrid2 all versions",
                      "product_id": "CSAFPID-0007",
                      "product_identification_helper": {
                        "skus": [
                          "1101561",
                          "1109414"
                        ]
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "scanGrid2"
              }
            ],
            "category": "product_family",
            "name": "scanGrid2"
          },
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:all/*",
                    "product": {
                      "name": "SICK DMM4 all versions",
                      "product_id": "CSAFPID-0008",
                      "product_identification_helper": {
                        "skus": [
                          "1125562"
                        ]
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "DMM4"
              }
            ],
            "category": "product_family",
            "name": "DMM4"
          },
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:all/*",
                    "product": {
                      "name": "SICK safeVisionary2 all versions",
                      "product_id": "CSAFPID-0009",
                      "product_identification_helper": {
                        "skus": [
                          "1116398"
                        ]
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "safeVisionary2"
              }
            ],
            "category": "product_family",
            "name": "safeVisionary2"
          },
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:all/*",
                    "product": {
                      "name": "SICK FXL1 all versions",
                      "product_id": "CSAFPID-0010",
                      "product_identification_helper": {
                        "skus": [
                          "1101320",
                          "1101321",
                          "1101322",
                          "1101323",
                          "1101324",
                          "1101325",
                          "1120827",
                          "1120828",
                          "1122586",
                          "1122587",
                          "1112205",
                          "1112206",
                          "1143315",
                          "1143316",
                          "1144849",
                          "1144850"
                        ]
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "FXL1"
              }
            ],
            "category": "product_family",
            "name": "flexLock"
          },
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:all/*",
                    "product": {
                      "name": "SICK SE1 all versions",
                      "product_id": "CSAFPID-0011",
                      "product_identification_helper": {
                        "skus": [
                          "1132196",
                          "1132197"
                        ]
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "SE1"
              }
            ],
            "category": "product_family",
            "name": "SE1"
          },
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:all/*",
                    "product": {
                      "name": "SICK ANM58B all versions",
                      "product_id": "CSAFPID-0012",
                      "product_identification_helper": {
                        "skus": [
                          "1145910",
                          "1146128",
                          "1146129",
                          "1146130",
                          "1146132",
                          "1146133",
                          "1146134",
                          "1146135",
                          "1146136",
                          "1146137",
                          "1146519",
                          "1146524",
                          "1146526",
                          "1146529",
                          "1146643",
                          "1146644",
                          "1146645",
                          "1146648",
                          "1148701",
                          "1148703",
                          "1148711",
                          "1148725",
                          "1148730"
                        ]
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "ANM58B"
              }
            ],
            "category": "product_family",
            "name": "ANM58 PROFINET "
          },
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:all/*",
                    "product": {
                      "name": "SICK ANS58B all versions",
                      "product_id": "CSAFPID-0013",
                      "product_identification_helper": {
                        "skus": [
                          "1145911",
                          "1145966",
                          "1146127",
                          "1146131",
                          "1146525",
                          "1146658",
                          "1148702",
                          "1148706",
                          "1148712",
                          "1148713",
                          "1148717",
                          "1148718",
                          "1148721",
                          "1148722",
                          "1148726",
                          "1148727",
                          "1148731",
                          "1148732",
                          "1149238",
                          "1149416",
                          "1149417",
                          "1149418"
                        ]
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "ANS58B"
              }
            ],
            "category": "product_family",
            "name": "ANS58 PROFINET "
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "1.02 up to 1.30",
                "product": {
                  "name": "SICK deTem4 firmware 1.02 up to 1.30",
                  "product_id": "CSAFPID-0014"
                }
              }
            ],
            "category": "product_name",
            "name": "deTem4 firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "1.02 up to 1.30",
                "product": {
                  "name": "SICK deTem4 A/P firmware 1.02 up to 1.30",
                  "product_id": "CSAFPID-0015"
                }
              }
            ],
            "category": "product_name",
            "name": "deTem4 A/P firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "1.05 up to 1.43",
                "product": {
                  "name": "SICK deTec4 firmware 1.05 up to 1.43",
                  "product_id": "CSAFPID-0016"
                }
              }
            ],
            "category": "product_name",
            "name": "deTec4 firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "1.10 up to 1.15",
                "product": {
                  "name": "SICK scanGrid2 firmware 1.10 up to 1.15",
                  "product_id": "CSAFPID-0017"
                }
              }
            ],
            "category": "product_name",
            "name": "scanGrid2 firmware"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "1.02",
                "product": {
                  "name": "SICK DMM4 firmware 1.02",
                  "product_id": "CSAFPID-0018"
                }
              }
            ],
            "category": "product_name",
            "name": "DMM4 firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SICK safeVisionary2 firmware all versions",
                  "product_id": "CSAFPID-0019"
                }
              }
            ],
            "category": "product_name",
            "name": "safeVisionary2 firmware"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "1.20.00",
                "product": {
                  "name": "SICK FXL1 firmware 1.20.00",
                  "product_id": "CSAFPID-0020"
                }
              }
            ],
            "category": "product_name",
            "name": "FXL1 firmware"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "1.16.00",
                "product": {
                  "name": "SICK SE1 firmware 1.16.00",
                  "product_id": "CSAFPID-0021"
                }
              }
            ],
            "category": "product_name",
            "name": "SE1 firmware"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "1.10",
                "product": {
                  "name": "SICK deTem4 LT Muting A/P firmware 1.10",
                  "product_id": "CSAFPID-0022"
                }
              }
            ],
            "category": "product_name",
            "name": "deTem4 LT Muting A/P firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "1.04 up to 1.10",
                "product": {
                  "name": "SICK deTem4 Core A/P firmware 1.04 up to 1.10",
                  "product_id": "CSAFPID-0023"
                }
              }
            ],
            "category": "product_name",
            "name": "deTem4 Core A/P firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "1.04 up to 1.10",
                "product": {
                  "name": "SICK deTem2 Core A/P 1.04 up to 1.10",
                  "product_id": "CSAFPID-0024"
                }
              }
            ],
            "category": "product_name",
            "name": "deTem2 Core A/P"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SICK ANM58B firmware all versions",
                  "product_id": "CSAFPID-0025"
                }
              }
            ],
            "category": "product_name",
            "name": "ANM58B firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SICK ANS58B firmware all versions",
                  "product_id": "CSAFPID-0026"
                }
              }
            ],
            "category": "product_name",
            "name": "ANS58B firmware"
          }
        ],
        "category": "vendor",
        "name": "SICK AG"
      }
    ],
    "relationships": [
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK deTem4 with Firmware 1.02 up to 1.30",
          "product_id": "CSAFPID-0027"
        },
        "product_reference": "CSAFPID-0014",
        "relates_to_product_reference": "CSAFPID-0001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK deTem4 A/P with Firmware 1.02 up to 1.30",
          "product_id": "CSAFPID-0028"
        },
        "product_reference": "CSAFPID-0015",
        "relates_to_product_reference": "CSAFPID-0002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK deTec4 with Firmware 1.05 up to 1.43",
          "product_id": "CSAFPID-0029"
        },
        "product_reference": "CSAFPID-0016",
        "relates_to_product_reference": "CSAFPID-0006"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK scanGrid2 with Firmware 1.10 up to 1.15",
          "product_id": "CSAFPID-0030"
        },
        "product_reference": "CSAFPID-0017",
        "relates_to_product_reference": "CSAFPID-0007"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK DMM4 with Firmware 1.02",
          "product_id": "CSAFPID-0031"
        },
        "product_reference": "CSAFPID-0018",
        "relates_to_product_reference": "CSAFPID-0008"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK safeVisionary2 all Firmware versions",
          "product_id": "CSAFPID-0032"
        },
        "product_reference": "CSAFPID-0019",
        "relates_to_product_reference": "CSAFPID-0009"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK FXL1 with Firmware 1.20.00",
          "product_id": "CSAFPID-0033"
        },
        "product_reference": "CSAFPID-0020",
        "relates_to_product_reference": "CSAFPID-0010"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK SE1 with Firmware 1.16.00",
          "product_id": "CSAFPID-0034"
        },
        "product_reference": "CSAFPID-0021",
        "relates_to_product_reference": "CSAFPID-0011"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK deTem4 LT Muting A/P  with Firmware 1.10",
          "product_id": "CSAFPID-0035"
        },
        "product_reference": "CSAFPID-0022",
        "relates_to_product_reference": "CSAFPID-0003"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK deTem4 Core A/P  with Firmware 1.04 up to 1.10",
          "product_id": "CSAFPID-0036"
        },
        "product_reference": "CSAFPID-0023",
        "relates_to_product_reference": "CSAFPID-0004"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK deTem2 Core A/P with Firmware 1.04 up to 1.10",
          "product_id": "CSAFPID-0037"
        },
        "product_reference": "CSAFPID-0024",
        "relates_to_product_reference": "CSAFPID-0005"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK ANM58B all Firmware versions",
          "product_id": "CSAFPID-0038"
        },
        "product_reference": "CSAFPID-0025",
        "relates_to_product_reference": "CSAFPID-0012"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK ANS58B all Firmware versions",
          "product_id": "CSAFPID-0039"
        },
        "product_reference": "CSAFPID-0026",
        "relates_to_product_reference": "CSAFPID-0013"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-28115",
      "cwe": {
        "id": "CWE-280",
        "name": "Improper Handling of Insufficient Permissions or Privileges "
      },
      "notes": [
        {
          "audience": "all",
          "category": "summary",
          "text": "FreeRTOS is a real-time operating system for microcontrollers. FreeRTOS Kernel versions through 10.6.1 do not sufficiently protect against local privilege escalation via Return Oriented Programming techniques should a vulnerability exist that allows code injection and execution. These issues affect ARMv7-M MPU ports, and ARMv8-M ports with Memory Protected Unit (MPU) support enabled (i.e. `configENABLE_MPU` set to 1). These issues are fixed in version 10.6.2 with a new MPU wrapper.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_not_affected": [
          "CSAFPID-0027",
          "CSAFPID-0028",
          "CSAFPID-0029",
          "CSAFPID-0030",
          "CSAFPID-0031",
          "CSAFPID-0032",
          "CSAFPID-0033",
          "CSAFPID-0034",
          "CSAFPID-0035",
          "CSAFPID-0036",
          "CSAFPID-0037",
          "CSAFPID-0038",
          "CSAFPID-0039"
        ]
      },
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 7.8,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "temporalScore": 7.8,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0027",
            "CSAFPID-0028",
            "CSAFPID-0029",
            "CSAFPID-0030",
            "CSAFPID-0031",
            "CSAFPID-0032",
            "CSAFPID-0033",
            "CSAFPID-0034",
            "CSAFPID-0035",
            "CSAFPID-0036",
            "CSAFPID-0037",
            "CSAFPID-0038",
            "CSAFPID-0039"
          ]
        }
      ],
      "title": "Privilege Escalation in FreeRTOS Kernel ARMv7-M MPU ports and ARMv8-M ports with MPU support enabled"
    },
    {
      "cve": "CVE-2018-16525",
      "notes": [
        {
          "audience": "all",
          "category": "summary",
          "text": "Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow remote attackers to execute arbitrary code or leak information because of a Buffer Overflow during parsing of DNS\\LLMNR packets in prvParseDNSReply.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_not_affected": [
          "CSAFPID-0027",
          "CSAFPID-0028",
          "CSAFPID-0029",
          "CSAFPID-0030",
          "CSAFPID-0031",
          "CSAFPID-0032",
          "CSAFPID-0033",
          "CSAFPID-0034",
          "CSAFPID-0035",
          "CSAFPID-0036",
          "CSAFPID-0037",
          "CSAFPID-0038",
          "CSAFPID-0039"
        ]
      },
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 8.1,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 8.1,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0027",
            "CSAFPID-0028",
            "CSAFPID-0029",
            "CSAFPID-0030",
            "CSAFPID-0031",
            "CSAFPID-0032",
            "CSAFPID-0033",
            "CSAFPID-0034",
            "CSAFPID-0035",
            "CSAFPID-0036",
            "CSAFPID-0037",
            "CSAFPID-0038",
            "CSAFPID-0039"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2021-43997",
      "notes": [
        {
          "audience": "all",
          "category": "summary",
          "text": "FreeRTOS versions 10.2.0 through 10.4.5 do not prevent non-kernel code from calling the xPortRaisePrivilege internal function to raise privilege. FreeRTOS versions through 10.4.6 do not prevent a third party that has already independently gained the ability to execute injected code to achieve further privilege escalation by branching directly inside a FreeRTOS MPU API wrapper function with a manually crafted stack frame. These issues affect ARMv7-M MPU ports, and ARMv8-M ports with MPU support enabled (i.e. configENABLE_MPU set to 1). These are fixed in V10.5.0 and in V10.4.3-LTS Patch 3.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_not_affected": [
          "CSAFPID-0027",
          "CSAFPID-0028",
          "CSAFPID-0029",
          "CSAFPID-0030",
          "CSAFPID-0031",
          "CSAFPID-0032",
          "CSAFPID-0033",
          "CSAFPID-0034",
          "CSAFPID-0035",
          "CSAFPID-0036",
          "CSAFPID-0037",
          "CSAFPID-0038",
          "CSAFPID-0039"
        ]
      },
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 7.8,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "temporalScore": 7.8,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0027",
            "CSAFPID-0028",
            "CSAFPID-0029",
            "CSAFPID-0030",
            "CSAFPID-0031",
            "CSAFPID-0032",
            "CSAFPID-0033",
            "CSAFPID-0034",
            "CSAFPID-0035",
            "CSAFPID-0036",
            "CSAFPID-0037",
            "CSAFPID-0038",
            "CSAFPID-0039"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2021-31571",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "notes": [
        {
          "audience": "all",
          "category": "summary",
          "text": "The kernel in Amazon Web Services FreeRTOS before 10.4.3 has an integer overflow in queue.c for queue creation.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_not_affected": [
          "CSAFPID-0027",
          "CSAFPID-0028",
          "CSAFPID-0029",
          "CSAFPID-0030",
          "CSAFPID-0031",
          "CSAFPID-0032",
          "CSAFPID-0033",
          "CSAFPID-0034",
          "CSAFPID-0035",
          "CSAFPID-0036",
          "CSAFPID-0037",
          "CSAFPID-0038",
          "CSAFPID-0039"
        ]
      },
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 9.8,
            "environmentalSeverity": "CRITICAL",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 9.8,
            "temporalSeverity": "CRITICAL",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0027",
            "CSAFPID-0028",
            "CSAFPID-0029",
            "CSAFPID-0030",
            "CSAFPID-0031",
            "CSAFPID-0032",
            "CSAFPID-0033",
            "CSAFPID-0034",
            "CSAFPID-0035",
            "CSAFPID-0036",
            "CSAFPID-0037",
            "CSAFPID-0038",
            "CSAFPID-0039"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2021-32020",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "audience": "all",
          "category": "summary",
          "text": "The kernel in Amazon Web Services FreeRTOS before 10.4.3 has insufficient bounds checking during management of heap memory.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_not_affected": [
          "CSAFPID-0027",
          "CSAFPID-0028",
          "CSAFPID-0029",
          "CSAFPID-0030",
          "CSAFPID-0031",
          "CSAFPID-0032",
          "CSAFPID-0033",
          "CSAFPID-0034",
          "CSAFPID-0035",
          "CSAFPID-0036",
          "CSAFPID-0037",
          "CSAFPID-0038",
          "CSAFPID-0039"
        ]
      },
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 9.8,
            "environmentalSeverity": "CRITICAL",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 9.8,
            "temporalSeverity": "CRITICAL",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0027",
            "CSAFPID-0028",
            "CSAFPID-0029",
            "CSAFPID-0030",
            "CSAFPID-0031",
            "CSAFPID-0032",
            "CSAFPID-0033",
            "CSAFPID-0034",
            "CSAFPID-0035",
            "CSAFPID-0036",
            "CSAFPID-0037",
            "CSAFPID-0038",
            "CSAFPID-0039"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2021-31572",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "notes": [
        {
          "audience": "all",
          "category": "summary",
          "text": "The kernel in Amazon Web Services FreeRTOS before 10.4.3 has an integer overflow in stream_buffer.c for a stream buffer.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_not_affected": [
          "CSAFPID-0027",
          "CSAFPID-0028",
          "CSAFPID-0029",
          "CSAFPID-0030",
          "CSAFPID-0031",
          "CSAFPID-0032",
          "CSAFPID-0033",
          "CSAFPID-0034",
          "CSAFPID-0035",
          "CSAFPID-0036",
          "CSAFPID-0037",
          "CSAFPID-0038",
          "CSAFPID-0039"
        ]
      },
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 9.8,
            "environmentalSeverity": "CRITICAL",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 9.8,
            "temporalSeverity": "CRITICAL",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0027",
            "CSAFPID-0028",
            "CSAFPID-0029",
            "CSAFPID-0030",
            "CSAFPID-0031",
            "CSAFPID-0032",
            "CSAFPID-0033",
            "CSAFPID-0034",
            "CSAFPID-0035",
            "CSAFPID-0036",
            "CSAFPID-0037",
            "CSAFPID-0038",
            "CSAFPID-0039"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2018-16601",
      "cwe": {
        "id": "CWE-191",
        "name": "Integer Underflow (Wrap or Wraparound)"
      },
      "notes": [
        {
          "audience": "all",
          "category": "summary",
          "text": "An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. A crafted IP header triggers a full memory space copy in prvProcessIPPacket, leading to denial of service and possibly remote code execution.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_not_affected": [
          "CSAFPID-0027",
          "CSAFPID-0028",
          "CSAFPID-0029",
          "CSAFPID-0030",
          "CSAFPID-0031",
          "CSAFPID-0032",
          "CSAFPID-0033",
          "CSAFPID-0034",
          "CSAFPID-0035",
          "CSAFPID-0036",
          "CSAFPID-0037",
          "CSAFPID-0038",
          "CSAFPID-0039"
        ]
      },
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 8.1,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 8.1,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0027",
            "CSAFPID-0028",
            "CSAFPID-0029",
            "CSAFPID-0030",
            "CSAFPID-0031",
            "CSAFPID-0032",
            "CSAFPID-0033",
            "CSAFPID-0034",
            "CSAFPID-0035",
            "CSAFPID-0036",
            "CSAFPID-0037",
            "CSAFPID-0038",
            "CSAFPID-0039"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2018-16526",
      "notes": [
        {
          "audience": "all",
          "category": "summary",
          "text": "Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow remote attackers to leak information or execute arbitrary code because of a Buffer Overflow during generation of a protocol checksum in usGenerateProtocolChecksum and prvProcessIPPacket.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_not_affected": [
          "CSAFPID-0027",
          "CSAFPID-0028",
          "CSAFPID-0029",
          "CSAFPID-0030",
          "CSAFPID-0031",
          "CSAFPID-0032",
          "CSAFPID-0033",
          "CSAFPID-0034",
          "CSAFPID-0035",
          "CSAFPID-0036",
          "CSAFPID-0037",
          "CSAFPID-0038",
          "CSAFPID-0039"
        ]
      },
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 8.1,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 8.1,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0027",
            "CSAFPID-0028",
            "CSAFPID-0029",
            "CSAFPID-0030",
            "CSAFPID-0031",
            "CSAFPID-0032",
            "CSAFPID-0033",
            "CSAFPID-0034",
            "CSAFPID-0035",
            "CSAFPID-0036",
            "CSAFPID-0037",
            "CSAFPID-0038",
            "CSAFPID-0039"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2018-16523",
      "cwe": {
        "id": "CWE-369",
        "name": "Divide By Zero"
      },
      "notes": [
        {
          "audience": "all",
          "category": "summary",
          "text": "Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow division by zero in prvCheckOptions.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_not_affected": [
          "CSAFPID-0027",
          "CSAFPID-0028",
          "CSAFPID-0029",
          "CSAFPID-0030",
          "CSAFPID-0031",
          "CSAFPID-0032",
          "CSAFPID-0033",
          "CSAFPID-0034",
          "CSAFPID-0035",
          "CSAFPID-0036",
          "CSAFPID-0037",
          "CSAFPID-0038",
          "CSAFPID-0039"
        ]
      },
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 7.4,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 7.4,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0027",
            "CSAFPID-0028",
            "CSAFPID-0029",
            "CSAFPID-0030",
            "CSAFPID-0031",
            "CSAFPID-0032",
            "CSAFPID-0033",
            "CSAFPID-0034",
            "CSAFPID-0035",
            "CSAFPID-0036",
            "CSAFPID-0037",
            "CSAFPID-0038",
            "CSAFPID-0039"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2018-16600",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "audience": "all",
          "category": "summary",
          "text": "An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds memory access during parsing of ARP packets in eARPProcessPacket can be used for information disclosure.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_not_affected": [
          "CSAFPID-0027",
          "CSAFPID-0028",
          "CSAFPID-0029",
          "CSAFPID-0030",
          "CSAFPID-0031",
          "CSAFPID-0032",
          "CSAFPID-0033",
          "CSAFPID-0034",
          "CSAFPID-0035",
          "CSAFPID-0036",
          "CSAFPID-0037",
          "CSAFPID-0038",
          "CSAFPID-0039"
        ]
      },
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 5.9,
            "environmentalSeverity": "MEDIUM",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 5.9,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0027",
            "CSAFPID-0028",
            "CSAFPID-0029",
            "CSAFPID-0030",
            "CSAFPID-0031",
            "CSAFPID-0032",
            "CSAFPID-0033",
            "CSAFPID-0034",
            "CSAFPID-0035",
            "CSAFPID-0036",
            "CSAFPID-0037",
            "CSAFPID-0038",
            "CSAFPID-0039"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2018-16527",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "audience": "all",
          "category": "summary",
          "text": "Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow information disclosure during parsing of ICMP packets in prvProcessICMPPacket.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_not_affected": [
          "CSAFPID-0027",
          "CSAFPID-0028",
          "CSAFPID-0029",
          "CSAFPID-0030",
          "CSAFPID-0031",
          "CSAFPID-0032",
          "CSAFPID-0033",
          "CSAFPID-0034",
          "CSAFPID-0035",
          "CSAFPID-0036",
          "CSAFPID-0037",
          "CSAFPID-0038",
          "CSAFPID-0039"
        ]
      },
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 5.9,
            "environmentalSeverity": "MEDIUM",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 5.9,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0027",
            "CSAFPID-0028",
            "CSAFPID-0029",
            "CSAFPID-0030",
            "CSAFPID-0031",
            "CSAFPID-0032",
            "CSAFPID-0033",
            "CSAFPID-0034",
            "CSAFPID-0035",
            "CSAFPID-0036",
            "CSAFPID-0037",
            "CSAFPID-0038",
            "CSAFPID-0039"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2018-16524",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "audience": "all",
          "category": "summary",
          "text": "Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow information disclosure during parsing of TCP options in prvCheckOptions.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_not_affected": [
          "CSAFPID-0027",
          "CSAFPID-0028",
          "CSAFPID-0029",
          "CSAFPID-0030",
          "CSAFPID-0031",
          "CSAFPID-0032",
          "CSAFPID-0033",
          "CSAFPID-0034",
          "CSAFPID-0035",
          "CSAFPID-0036",
          "CSAFPID-0037",
          "CSAFPID-0038",
          "CSAFPID-0039"
        ]
      },
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 5.9,
            "environmentalSeverity": "MEDIUM",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 5.9,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0027",
            "CSAFPID-0028",
            "CSAFPID-0029",
            "CSAFPID-0030",
            "CSAFPID-0031",
            "CSAFPID-0032",
            "CSAFPID-0033",
            "CSAFPID-0034",
            "CSAFPID-0035",
            "CSAFPID-0036",
            "CSAFPID-0037",
            "CSAFPID-0038",
            "CSAFPID-0039"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2018-16599",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "audience": "all",
          "category": "summary",
          "text": "An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds memory access during parsing of NBNS packets in prvTreatNBNS can be used for information disclosure.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_not_affected": [
          "CSAFPID-0027",
          "CSAFPID-0028",
          "CSAFPID-0029",
          "CSAFPID-0030",
          "CSAFPID-0031",
          "CSAFPID-0032",
          "CSAFPID-0033",
          "CSAFPID-0034",
          "CSAFPID-0035",
          "CSAFPID-0036",
          "CSAFPID-0037",
          "CSAFPID-0038",
          "CSAFPID-0039"
        ]
      },
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 5.9,
            "environmentalSeverity": "MEDIUM",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 5.9,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0027",
            "CSAFPID-0028",
            "CSAFPID-0029",
            "CSAFPID-0030",
            "CSAFPID-0031",
            "CSAFPID-0032",
            "CSAFPID-0033",
            "CSAFPID-0034",
            "CSAFPID-0035",
            "CSAFPID-0036",
            "CSAFPID-0037",
            "CSAFPID-0038",
            "CSAFPID-0039"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2018-16598",
      "cwe": {
        "id": "CWE-441",
        "name": "Unintended Proxy or Intermediary (\u0027Confused Deputy\u0027)"
      },
      "notes": [
        {
          "audience": "all",
          "category": "summary",
          "text": "An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. In xProcessReceivedUDPPacket and prvParseDNSReply, any received DNS response is accepted, without confirming it matches a sent DNS request.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_not_affected": [
          "CSAFPID-0027",
          "CSAFPID-0028",
          "CSAFPID-0029",
          "CSAFPID-0030",
          "CSAFPID-0031",
          "CSAFPID-0032",
          "CSAFPID-0033",
          "CSAFPID-0034",
          "CSAFPID-0035",
          "CSAFPID-0036",
          "CSAFPID-0037",
          "CSAFPID-0038",
          "CSAFPID-0039"
        ]
      },
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "environmentalScore": 5.9,
            "environmentalSeverity": "MEDIUM",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 5.9,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0027",
            "CSAFPID-0028",
            "CSAFPID-0029",
            "CSAFPID-0030",
            "CSAFPID-0031",
            "CSAFPID-0032",
            "CSAFPID-0033",
            "CSAFPID-0034",
            "CSAFPID-0035",
            "CSAFPID-0036",
            "CSAFPID-0037",
            "CSAFPID-0038",
            "CSAFPID-0039"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2018-16602",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "audience": "all",
          "category": "summary",
          "text": "An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds memory access during parsing of DHCP responses in prvProcessDHCPReplies can be used for information disclosure.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_not_affected": [
          "CSAFPID-0027",
          "CSAFPID-0028",
          "CSAFPID-0029",
          "CSAFPID-0030",
          "CSAFPID-0031",
          "CSAFPID-0032",
          "CSAFPID-0033",
          "CSAFPID-0034",
          "CSAFPID-0035",
          "CSAFPID-0036",
          "CSAFPID-0037",
          "CSAFPID-0038",
          "CSAFPID-0039"
        ]
      },
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 5.9,
            "environmentalSeverity": "MEDIUM",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 5.9,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0027",
            "CSAFPID-0028",
            "CSAFPID-0029",
            "CSAFPID-0030",
            "CSAFPID-0031",
            "CSAFPID-0032",
            "CSAFPID-0033",
            "CSAFPID-0034",
            "CSAFPID-0035",
            "CSAFPID-0036",
            "CSAFPID-0037",
            "CSAFPID-0038",
            "CSAFPID-0039"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2018-16603",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "audience": "all",
          "category": "summary",
          "text": "An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds access to TCP source and destination port fields in xProcessReceivedTCPPacket can leak data back to an attacker.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_not_affected": [
          "CSAFPID-0027",
          "CSAFPID-0028",
          "CSAFPID-0029",
          "CSAFPID-0030",
          "CSAFPID-0031",
          "CSAFPID-0032",
          "CSAFPID-0033",
          "CSAFPID-0034",
          "CSAFPID-0035",
          "CSAFPID-0036",
          "CSAFPID-0037",
          "CSAFPID-0038",
          "CSAFPID-0039"
        ]
      },
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 5.9,
            "environmentalSeverity": "MEDIUM",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 5.9,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0027",
            "CSAFPID-0028",
            "CSAFPID-0029",
            "CSAFPID-0030",
            "CSAFPID-0031",
            "CSAFPID-0032",
            "CSAFPID-0033",
            "CSAFPID-0034",
            "CSAFPID-0035",
            "CSAFPID-0036",
            "CSAFPID-0037",
            "CSAFPID-0038",
            "CSAFPID-0039"
          ]
        }
      ]
    }
  ]
}

ghsa-rwxp-vr7v-m747

Vulnerability from github

Published

2022-05-14 01:43

Modified

2022-05-14 01:43

Severity ?

5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-16602"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-12-06T23:29:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds memory access during parsing of DHCP responses in prvProcessDHCPReplies can be used for information disclosure.",
  "id": "GHSA-rwxp-vr7v-m747",
  "modified": "2022-05-14T01:43:19Z",
  "published": "2022-05-14T01:43:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16602"
    },
    {
      "type": "WEB",
      "url": "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-details"
    },
    {
      "type": "WEB",
      "url": "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-range-devices-risk-compromise-smart-homes-critical-infrastructure-systems"
    },
    {
      "type": "WEB",
      "url": "https://github.com/aws/amazon-freertos/blob/v1.3.2/CHANGELOG.md"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2018-16602 (GCVE-0-2018-16602)

Vulnerability from cvelistv5

gsd-2018-16602

Vulnerability from gsd

fkie_cve-2018-16602

Vulnerability from fkie_nvd

sca-2025-0003

Vulnerability from csaf_sick

ghsa-rwxp-vr7v-m747

Vulnerability from github

Tags

Sightings

Nomenclature