The FreeRTOS-Plus-TCP v4.1.1 release is now available. This release addresses a security vulnerability (CWE-126: Buffer Over-read) in the DNS response parser for versions v4.0.0 through v4.1.0. This issue affects applications using DNS functionality of the FreeRTOS-Plus-TCP stack. Applications that do not use DNS functionality are not affected, even when the DNS functionality is enabled. Users running FreeRTOS-Plus-TCP versions v4.0.0 or v4.1.0 with the DNS functionality in use are advised to upgrade to v4.1.1 immediately to mitigate this vulnerability. Contact us on the FreeRTOS forums if you have feedback or comments!
4 Likes