An out‑of‑bounds read occurs in the IPv6 Router Advertisement parser of FreeRTOS‑Plus‑TCP before versions V4.2.6 and V4.4.1. The parser fails to correctly validate the length of the PREFIX_INFORMATION option, allowing a crafted Router Advertisement packet to trigger a buffer overread. This can cause the device to crash, resulting in a denial of service that removes network functionality during the crash period. The flaw is a classic over‑read (CWE‑125).

The vulnerability affects devices running AWS FreeRTOS‑Plus‑TCP by Amazon before the update to V4.2.6, and any instances still using the older V4.4.1 series prior to its corrected release. Any embedded systems that incorporate this TCP/IP stack without the fixed version are susceptible.

The CVSS score of 6.0 places it in the medium severity range, and no EPSS data is available, implying low to moderate exploitation probability. The vulnerability is not listed in the CISA KEV catalog, suggesting there are no known high‑profile attacks. The likely attack vector is local‑network based and requires an attacker adjacent to the target to send a malicious Router Advertisement. Because the flaw is exposed only through network traffic, defenders on the same subnet can potentially mitigate risk by limiting Router Advertisement reception from untrusted sources.