Vulnerability Note VU#590639
NXP Semiconductors MQX RTOS contains multiple vulnerabilities
The NXP Semiconductors MQX RTOS prior to version 5.1 contains a buffer overflow in the DHCP client, which may lead to memory corruption allowing an attacker to execute arbitrary code, as well as an out-of-bounds read in the DNS client, which may lead to a denial of service.
The NXP Semiconductors MQX real-time operating system (RTOS) prior to version 5.1 is vulnerable to the following:
CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') - CVE-2017-12718
A remote, unauthenticated attacker may be able to send crafted DHCP or DNS packets to cause a buffer overflow and/or corrupt memory, leading to denial of service or code execution on the device.
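An added illustration, not NXP's code and not part of the original note: the note does not show where the MQX DHCP client overflows, so this generic C sketch only shows the size check that CWE-120 refers to, applied to copying a DHCP option value into a fixed buffer. The function name, option numbers used and sample packets are hypothetical and constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define OPT_PAD 0
#define OPT_END 255

/* Copy the value of option `want` out of a DHCP options field.
 * Returns the value length, or -1 if the option is missing, malformed,
 * or too large for dst. Hypothetical helper, not an MQX API. */
int dhcp_get_option(const uint8_t *opts, size_t opts_len, uint8_t want,
                    uint8_t *dst, size_t dst_cap)
{
    size_t i = 0;
    while (i < opts_len) {
        uint8_t code = opts[i++];
        if (code == OPT_PAD) continue;
        if (code == OPT_END) break;
        if (i >= opts_len) return -1;        /* length byte missing */
        size_t len = opts[i++];
        if (len > opts_len - i) return -1;   /* value runs past the packet */
        if (code == want) {
            /* The CWE-120 check: len comes from the sender, dst_cap from us. */
            if (len > dst_cap) return -1;
            memcpy(dst, opts + i, len);
            return (int)len;
        }
        i += len;
    }
    return -1;
}

/* Constructed inputs (not captured traffic). */
int demo_valid(void) {            /* option 6, four-byte value */
    static const uint8_t p[] = {53, 1, 5, 0, 6, 4, 192, 0, 2, 1, 255};
    uint8_t out[4];
    return dhcp_get_option(p, sizeof p, 6, out, sizeof out);
}
int demo_oversized(void) {        /* option 12 claims 200 bytes, buffer holds 16 */
    uint8_t p[203], out[16];
    p[0] = 12; p[1] = 200; memset(p + 2, 'A', 200); p[202] = 255;
    return dhcp_get_option(p, sizeof p, 12, out, sizeof out);
}
int demo_truncated(void) {        /* length byte says 4, only 2 bytes follow */
    static const uint8_t p[] = {6, 4, 192, 0};
    uint8_t out[4];
    return dhcp_get_option(p, sizeof p, 6, out, sizeof out);
}
int main(void) { return !(demo_valid() == 4 && demo_oversized() == -1 && demo_truncated() == -1); }
```

Both rejections happen before any byte is copied: the oversized value is refused against the destination capacity, and the truncated one against the bytes actually received.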
Apply an update/patch
Vendor Information

| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| NXP Semiconductors Inc. | Affected | 19 Jun 2017 | 10 Oct 2017 |
Thanks to Scott Gayou for reporting this vulnerability.
This document was written by Garret Wassermann.
- CVE IDs: CVE-2017-12718 CVE-2017-12722
- Date Public: 12 Oct 2017
- Date First Published: 12 Oct 2017
- Date Last Updated: 13 Oct 2017
- Document Revision: 42