Description
Integer underflow in the DHCPv6 sub-option parser in FreeRTOS-Plus-TCP before V4.4.1 and V4.2.6 allows an adjacent network actor to corrupt the device's IPv6 address assignment, DNS configuration, and lease times, and to cause a denial of service (permanent IP task freeze requiring hardware reset) by sending a single crafted DHCPv6 packet.








The issue is present whenever DHCPv6 is enabled.








To mitigate this issue, users should upgrade to version V4.2.6 or V4.4.1 or newer.
Published: 2026-04-29
Score: 7.2 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability is an integer underflow in the DHCPv6 sub-option parser of FreeRTOS-Plus-TCP versions older than 4.4.1 and 4.2.6. A crafted DHCPv6 packet can cause the library to corrupt the device’s IPv6 address assignment, DNS configuration, and lease times, and can trigger a permanent freeze of the IP task that requires a hardware reset. The impact is thus a loss of network availability and a disruption of correct network configuration, but it does not directly expose sensitive data.

Affected Systems

The affected product is AWS FreeRTOS-Plus-TCP. All builds before version 4.4.1 and 4.2.6 are vulnerable when DHCPv6 is enabled. Devices using these versions should be audited for DHCPv6 usage and the firmware version confirmed.

Risk and Exploitability

The CVSS score of 7.2 indicates a high severity. The EPSS score is not available, and the vulnerability is not listed in CISA’s KEV catalog. The likely attack vector is a network-based attacker who can send a malicious DHCPv6 packet to the target device. Exploitation requires that the device has DHCPv6 enabled and is reachable on the local network.

Generated by OpenCVE AI on April 29, 2026 at 21:08 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Disable DHCPv6 on the device or switch to a static IPv6 configuration until a patch is applied.
  • Upgrade FreeRTOS-Plus-TCP to version 4.2.6, 4.4.1, or newer to obtain the corrected DHCPv6 sub‑option parser.
  • Reboot the device after updating to ensure the IP task is reinitialized and the firmware change takes effect.

Generated by OpenCVE AI on April 29, 2026 at 21:08 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 30 Apr 2026 08:30:00 +0000

Type Values Removed Values Added
First Time appeared Amazon
Amazon freertos-plus-tcp
Vendors & Products Amazon
Amazon freertos-plus-tcp

Wed, 29 Apr 2026 22:45:00 +0000

Type Values Removed Values Added
References

Wed, 29 Apr 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 29 Apr 2026 19:00:00 +0000

Type Values Removed Values Added
Description Integer underflow in the DHCPv6 sub-option parser in FreeRTOS-Plus-TCP before V4.4.1 and V4.2.6 allows an adjacent network actor to corrupt the device's IPv6 address assignment, DNS configuration, and lease times, and to cause a denial of service (permanent IP task freeze requiring hardware reset) by sending a single crafted DHCPv6 packet. The issue is present whenever DHCPv6 is enabled. To mitigate this issue, users should upgrade to version V4.2.6 or V4.4.1 or newer.
Title Integer Underflow in DHCPv6 Sub-Option Parser in FreeRTOS-Plus-TCP
Weaknesses CWE-191
References
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H'}

cvssV4_0

{'score': 7.2, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Amazon Freertos-plus-tcp
cve-icon MITRE

Status: PUBLISHED

Assigner: AMZN

Published:

Updated: 2026-04-29T22:13:39.794Z

Reserved: 2026-04-29T14:27:50.756Z

Link: CVE-2026-7424

cve-icon Vulnrichment

Updated: 2026-04-29T19:08:57.950Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-29T19:16:26.743

Modified: 2026-04-30T15:13:14.230

Link: CVE-2026-7424

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-30T08:15:31Z

Weaknesses