Integer Underflow in FreeRTOS-Plus-TCP ICMP Handlers V4.4.1/V4.2.6: CVE-2026-7423 April 2026

Integer Underflow in ICMP Echo Reply Processing in FreeRTOS-Plus-TCP
Integer underflow in the ICMP and ICMPv6 echo reply handlers in FreeRTOS-Plus-TCP before V4.4.1 and V4.2.6 allows an adjacent network user to cause a denial of service (device crash) when outgoing ping support is enabled, because header sizes are subtracted from a packet length field without validating the field is large enough, resulting in a heap out-of-bounds read of up to approximately 65KB. To mitigate this issue, users should upgrade to the fixed version when available.

Vulnerability Analysis

Attack Vector:

ADJACENT_NETWORK

Attack Complexity:

HIGH

Privileges Required:

NONE

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

NONE

Integrity Impact:

NONE

Availability Impact:

HIGH

Weakness Type

What is an Integer underflow Vulnerability?

The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result. This can happen in signed and unsigned cases.

CVE-2026-7423 has been classified to as an Integer underflow vulnerability or weakness.

Products Associated with CVE-2026-7423

Want to know whenever a new CVE is published for Amazon Aws? stack.watch will email you.

Integer Underflow in FreeRTOS-Plus-TCP ICMP Handlers V4.4.1/V4.2.6
CVE-2026-7423 Published on April 29, 2026

Vulnerability Analysis

Weakness Type

What is an Integer underflow Vulnerability?

Products Associated with CVE-2026-7423

Affected Versions

Integer Underflow in FreeRTOS-Plus-TCP ICMP Handlers V4.4.1/V4.2.6CVE-2026-7423 Published on April 29, 2026

Vulnerability Analysis

Weakness Type

What is an Integer underflow Vulnerability?

Products Associated with CVE-2026-7423

Affected Versions

Integer Underflow in FreeRTOS-Plus-TCP ICMP Handlers V4.4.1/V4.2.6
CVE-2026-7423 Published on April 29, 2026