Advisory

Out-of-Bounds write flaw in FreeRTOS-Plus-TCP can enable arbitrary code execution

Take action: This one is quite complex. First, check your FreeRTOS-Plus-TCP version, and check whether you are using Buffer Allocation Scheme 1 with LLMNR or mDNS enabled. As usual, make sure that your devices are isolated from the internet and accessible only from trusted networks. Then, if you are running a vulnerable combination of version, buffer allocation scheme and enabled LLMNR or mDNS, plan a patch cycle.


Learn More

AWS is reporting a memory corruption vulnerability in FreeRTOS-Plus-TCP, Amazon's open-source TCP/IP stack that powers millions of embedded and IoT devices across industrial, medical, and consumer applications. 

FreeRTOS-Plus-TCP is an open source TCP/IP stack implementation specifically designed for FreeRTOS. The stack provides a standard Berkeley sockets interface and supports essential networking protocols including IPv6, ARP, DHCP, DNS, LLMNR, mDNS, NBNS, RA, ND, ICMP, and ICMPv6.

This flaw is tracked as CVE-2025-5688 (CVSS score varies from 7.5 to 9.8). FreeRTOS-Plus-TCP offers two Buffer Allocation Schemes for buffer management: 

  • Buffer Allocation Scheme 1 - Allocates buffers from a pre-defined pool of fixed-size buffers, and
  • Buffer Allocation Scheme 2 - Allocates buffers of required size dynamically from the heap.

The vulnerability affects systems using Buffer Allocation Scheme 1 with LLMNR or mDNS enabled. When LLMNR or mDNS is enabled and a query with a DNS name longer than the buffer's capacity is received, the code fails to adequately check the length, leading to an out-of-bounds write.

This out-of-bounds write could enable attackers to achieve arbitrary code execution or cause system crashes in affected devices.
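The kind of length check described above, as an added example that is not FreeRTOS-Plus-TCP code and not the 4.3.2 patch: a reply builder that sizes the whole response against a fixed-size pool buffer before copying the queried name into it. The 128-byte buffer size, the reply layout, the constructed test query and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define POOL_BUF_SIZE 128u /* assumed size of one fixed pool buffer */
#define DNS_HDR_LEN    12u /* DNS/LLMNR/mDNS header */
#define QUESTION_TAIL   4u /* QTYPE + QCLASS */
#define ANSWER_LEN     16u /* name pointer, type, class, TTL, RDLENGTH, IPv4 */
typedef struct { uint8_t data[POOL_BUF_SIZE]; uint8_t guard[8]; } pool_buf_t;

/* Length of the encoded name including its zero terminator, 0 if malformed. */
static size_t encoded_name_len(const uint8_t *p, size_t avail) {
    size_t off = 0;
    while (off < avail) {
        if (p[off] == 0) return off + 1u;
        if (p[off] > 63u) return 0;   /* pointers and reserved label types rejected */
        off += 1u + p[off];
        if (off > 254u) return 0;     /* DNS names are at most 255 octets */
    }
    return 0;                         /* name runs past the received data */
}

/* Hypothetical reply builder: echoes the question, appends one answer record. */
int build_name_reply(pool_buf_t *out, const uint8_t *query, size_t query_len) {
    if (query_len < DNS_HDR_LEN + 1u + QUESTION_TAIL) return -1;
    size_t name_len = encoded_name_len(query + DNS_HDR_LEN, query_len - DNS_HDR_LEN);
    size_t question_len = DNS_HDR_LEN + name_len + QUESTION_TAIL;
    if (name_len == 0 || question_len > query_len) return -1;
    /* The check this bug class lacks: size the whole reply against the buffer. */
    if (question_len + ANSWER_LEN > sizeof out->data) return -1;
    memcpy(out->data, query, question_len);
    memset(out->data + question_len, 0, ANSWER_LEN); /* answer fields omitted */
    return (int)(question_len + ANSWER_LEN);
}

/* Constructed input: a query whose name has `labels` labels of 9 bytes each. */
int demo(size_t labels) {
    uint8_t pkt[300] = {0};
    pool_buf_t buf;
    size_t off = DNS_HDR_LEN;
    if (labels > 25u) return -3;      /* keep the constructed packet inside pkt[] */
    for (size_t i = 0; i < labels; i++) { pkt[off] = 9; memset(pkt + off + 1, 'a', 9); off += 10; }
    off += 1u + QUESTION_TAIL;        /* zero terminator + QTYPE/QCLASS */
    memset(buf.guard, 0xA5, sizeof buf.guard);
    int n = build_name_reply(&buf, pkt, off);
    for (size_t i = 0; i < sizeof buf.guard; i++) if (buf.guard[i] != 0xA5) return -2;
    return n;
}

int main(void) { return (demo(3) == 63 && demo(20) == -1) ? 0 : 1; }
```

A name that is valid DNS (at most 255 octets) can still exceed a small fixed buffer, so the name-validity check and the buffer-capacity check are separate tests and both are needed.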

The affected versions include v2.3.4 through v4.3.1, if LLMNR is used with Buffer Allocation Scheme 1, and v4.0.0 through v4.3.1, if mDNS is used with Buffer Allocation Scheme 1. 

This issue has been patched in FreeRTOS-Plus-TCP version 4.3.2. Users are advised to upgrade to the latest version and ensure any forked or derivative code is patched to incorporate the new fixes.
