Vulnerabilities > CVE-2019-18178 - Use After Free vulnerability in Amazon Freertos+Fat 160919A

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

amazon

CWE-416

NVD

Published: 2019-11-04

Updated: 2019-11-09

Summary

Real Time Engineers FreeRTOS+FAT 160919a has a use after free. The function FF_Close() is defined in ff_file.c. The file handler pxFile is freed by ffconfigFREE, which (by default) is a macro definition of vPortFree(), but it is reused to flush modified file content from the cache to disk by the function FF_FlushCache().

Vulnerable Configurations

Part	Description	Count
OS	Amazon Amazon Freertos+Fat 160919A	1

Common Weakness Enumeration (CWE)

CWE-416 - Use After Free

References

https://sourceforge.net/p/freertos/bugs/199/