216.73.217.64

CVE-2026-7424

· Published 29/04/2026 19:16 · Modified 29/04/2026 23:16

Labels: CVE-2026-7424 2026-04-29CVE-2026-7424CWE-191ff89ba41-3aa1-4d27-914a-91399e9639e5

Essential information

Published
29/04/2026 19:16
Modified
29/04/2026 23:16
Author
Creator
CVSS
7.2 HIGH (v3) 7.2 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Integer underflow in the DHCPv6 sub-option parser in FreeRTOS-Plus-TCP before V4.4.1 and V4.2.6 allows an adjacent network actor to corrupt the device's IPv6 address assignment, DNS configuration, and lease times, and to cause a denial of service (permanent IP task freeze requiring hardware reset) by sending a single crafted DHCPv6 packet. The issue is present whenever DHCPv6 is enabled. To mitigate this issue, users should upgrade to version V4.2.6 or V4.4.1 or newer.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
ff89ba41-3aa1-4d27-914a-91399e9639e5
NVD
View on NVD

Affected products (CPE)

ProductCPE
freertos / freertos plus tcp cpe:2.3:a:freertos:freertos_plus_tcp:<4.4.1:*:*:*:*:*:*:*

References