Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Amazon FreeRTOS up to and including v1.4.8 lacks length checking in prvProcessReceivedPublish, resulting in untargetable leakage of arbitrary memory contents on a device to an attacker. If an attacker has the authorization to send a malformed MQTT publish packet to an Amazon IoT Thing, which interacts with an associated vulnerable MQTT message in the application, specific circumstances could trigger this vulnerability.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Amazon FreeRTOS 缓冲区错误漏洞
Vulnerability Description
Amazon FreeRTOS是美国亚马逊(Amazon)公司的一套适用于微控制器的开源操作系统。 Amazon FreeRTOS v1.4.8及之前版本中存在缓冲区错误漏洞。该漏洞源于程序没有检查prvProcessReceivedPublish的长度。攻击者可利用该漏洞获取设备任意内存信息。
CVSS Information
N/A
Vulnerability Type
N/A