The FreeRTOS-Plus-TCP v4.3.2 release is now available. This release addresses a security vulnerability (CWE-787: Buffer Over-write) when processing LLMNR or mDNS queries with very long DNS names. This issue only affects systems using Buffer Allocation Scheme 1 with LLMNR or mDNS enabled. This issue affects the following versions:
- v2.3.4 through v4.3.1, if LLMNR is used with Buffer Allocation Scheme 1.
- v4.0.0 through v4.3.1, if mDNS is used with Buffer Allocation Scheme 1.
Users running any of the impacted FreeRTOS-Plus-TCP versions and using LLMNR or mDNS with Buffer Allocation Scheme 1 are advised to upgrade to v4.3.2 immediately to mitigate this vulnerability. Contact us on the FreeRTOS forums if you have feedback or comments!
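The affected-version conditions above can be checked mechanically against a firmware build. The following is an added example, not code from the FreeRTOS project: the function names and the sample configuration are constructed for illustration, the version and buffer scheme are supplied by the caller, and it assumes a protocol whose macro is not defined in `FreeRTOSIPConfig.h` is disabled.

```python
import re

# Affected ranges (inclusive) exactly as stated in the advisory.
AFFECTED = {"LLMNR": ((2, 3, 4), (4, 3, 1)), "mDNS": ((4, 0, 0), (4, 3, 1))}
# FreeRTOSIPConfig.h macros that switch each protocol on.
MACROS = {"LLMNR": "ipconfigUSE_LLMNR", "mDNS": "ipconfigUSE_MDNS"}

# Constructed sample FreeRTOSIPConfig.h fragment (not from a real project).
SAMPLE_CONFIG = """\
/* constructed sample */
#define ipconfigUSE_LLMNR    ( 1 )
// #define ipconfigUSE_MDNS  0
#define ipconfigUSE_MDNS     ipconfigENABLE
"""

def parse_version(text):
    """Turn 'v4.3.1' or 'V4.3.1' into the tuple (4, 3, 1)."""
    m = re.fullmatch(r"[vV]?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(p) for p in m.groups())

def macro_enabled(config_text, name):
    """True if the last #define of `name` is not 0 / ipconfigDISABLE.
    Assumption: an undefined macro means the feature is off. Unknown values
    count as enabled (fail safe); #if/#ifdef blocks are not evaluated."""
    text = re.sub(r"/\*.*?\*/", "", config_text, flags=re.S)  # block comments
    text = re.sub(r"//[^\n]*", "", text)                      # line comments
    values = re.findall(
        rf"^[ \t]*#[ \t]*define[ \t]+{name}[ \t]+(.+)$", text, flags=re.M)
    if not values:
        return False
    value = values[-1].strip().strip("()").strip()
    return value not in ("0", "ipconfigDISABLE")

def exposure(version, config_text, buffer_scheme):
    """Return the protocols through which this build is affected.
    buffer_scheme is the N of the BufferAllocation_N.c compiled into the image."""
    if buffer_scheme != 1:  # only Buffer Allocation Scheme 1 is affected
        return []
    v = parse_version(version)
    return [proto for proto, (lo, hi) in AFFECTED.items()
            if lo <= v <= hi and macro_enabled(config_text, MACROS[proto])]

if __name__ == "__main__":
    for ver, scheme in [("v4.3.1", 1), ("v3.1.0", 1), ("v4.3.1", 2), ("v4.3.2", 1)]:
        print(ver, "scheme", scheme, exposure(ver, SAMPLE_CONFIG, scheme) or "not affected")
```

An empty result means the build does not meet the advisory's conditions; any listed protocol means the build should move to v4.3.2.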