Summary
FreeRTOS-Plus-TCP is a lightweight TCP/IP stack for FreeRTOS. An issue exists where, under certain circumstances, the IPv4 and IPv6 packet validation functions skip all checksum and minimum-size validation when the Ethernet source MAC address matches one of the device's own registered endpoints.
Impact
The TCP stack has a loopback detection mechanism that skips all input validation for packets whose source MAC address matches a local endpoint. An adjacent network device can spoof the Ethernet source MAC address to match one of the device's own registered MAC addresses, bypassing all checksum and minimum-size validation.
Impacted versions: >=V4.0.0 AND <=V4.2.5, >=V4.3.0 AND <=V4.4.0
Patches
This issue has been addressed in FreeRTOS-Plus-TCP version V4.4.1 and V4.2.6. We recommend upgrading to the latest version and ensuring any forked or derivative code is patched to incorporate the new fixes.
Workarounds
This issue can be mitigated by upgrading to an unaffected version of FreeRTOS-Plus-TCP.
References
If you have any questions or comments about this advisory, we ask that you contact AWS Security via our vulnerability reporting page or directly via email to aws-security@amazon.com. Please do not create a public GitHub issue.
Acknowledgement
We would like to thank Eun0us of Espilon for collaborating on this issue through the coordinated vulnerability disclosure process.
Eun0us Reporter
Summary
FreeRTOS-Plus-TCP is a lightweight TCP/IP stack for FreeRTOS. An issue exists where, under certain circumstances, the IPv4 and IPv6 packet validation functions skip all checksum and minimum-size validation when the Ethernet source MAC address matches one of the device's own registered endpoints.
Impact
The TCP stack has a loopback detection mechanism that skips all input validation for packets whose source MAC address matches a local endpoint. An adjacent network device can spoof the Ethernet source MAC address to match one of the device's own registered MAC addresses, bypassing all checksum and minimum-size validation.
Impacted versions: >=V4.0.0 AND <=V4.2.5, >=V4.3.0 AND <=V4.4.0
Patches
This issue has been addressed in FreeRTOS-Plus-TCP version V4.4.1 and V4.2.6. We recommend upgrading to the latest version and ensuring any forked or derivative code is patched to incorporate the new fixes.
Workarounds
This issue can be mitigated by upgrading to an unaffected version of FreeRTOS-Plus-TCP.
References
If you have any questions or comments about this advisory, we ask that you contact AWS Security via our vulnerability reporting page or directly via email to aws-security@amazon.com. Please do not create a public GitHub issue.
Acknowledgement
We would like to thank Eun0us of Espilon for collaborating on this issue through the coordinated vulnerability disclosure process.