12/15/2020 - FreeRTOS Kernel V10.4.2 and earlier
In heap2.c there is an unchecked possible addition overflow when calculating the size of the block of memory to be allocated that could result in the size overflowing and the allocation returning success but allocating only a fraction of the memory asked for. This will only affect code where the amount of memory being allocated is within 8 bytes of 4 GB.
In queue.c there is an unchecked possible addition overflow during queue allocation. This will only affect code where the size of the queue is within sizeof(queue_t) bytes of 4GB.
In stream_buffer.c there is an unchecked possible addition overflow during steam buffer creation. This will only affect code where the size of the stream buffer is within sizeof(StreamBuffer_t) bytes of 4GB.
FreeRTOS V10.4.3 and newer contains additional code that checks for and prevents these potential overflows.
The public CVE record for this can be found at MITRE: CVE-2021-31571 and CVE-2021-31572
We thank the MSVR (Microsoft Security and Vulnerability Research) team for reporting these issues.
08/21/2018 - FreeRTOS+TCP V2.0.7
Multiple security improvements and fixes in packet parsing routines, DNS caching, and TCP sequence number and ID generation.
Disable NBNS and LLMNR by default.
Add TCP hang protection by default.
We thank Ori Karliner of Zimperium zLabs Team for reporting these issues.
Copyright (C) Amazon Web Services, Inc. or its affiliates. All rights reserved.