CVE-2025-5688 - Vulnerability Details - OpenCVE

We have identified a buffer overflow issue allowing out-of-bounds write when processing LLMNR or mDNS queries with very long DNS names. This issue only affects systems using Buffer Allocation Scheme 1 with LLMNR or mDNS enabled. Users should upgrade to the latest version and ensure any forked or derivative code is patched to incorporate the new fixes.

Attack Vector Local

Attack Complexity Low

Privileges Required None

Attack Requirements Present

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

No data.

No data.

No data.

References

Link	Providers
https://aws.amazon.com/security/security-bulletins/AWS-2025-012/

History

Wed, 04 Jun 2025 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 04 Jun 2025 17:15:00 +0000

Type	Values Removed	Values Added
Description		We have identified a buffer overflow issue allowing out-of-bounds write when processing LLMNR or mDNS queries with very long DNS names. This issue only affects systems using Buffer Allocation Scheme 1 with LLMNR or mDNS enabled. Users should upgrade to the latest version and ensure any forked or derivative code is patched to incorporate the new fixes.
Title		Out of Bounds Write in FreeRTOS-Plus-TCP
Weaknesses		CWE-787
References		https://aws.amazon.com/security/security-bulletins/AWS-2025-012/
Metrics		cvssV4_0 `{'score': 7.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: AMZN

Published: 2025-06-04T17:09:54.718Z

Updated: 2025-06-04T18:18:46.071Z

Reserved: 2025-06-04T15:11:43.065Z

Link: CVE-2025-5688

Vulnrichment

Updated: 2025-06-04T18:12:05.388Z

NVD

Status : Awaiting Analysis

Published: 2025-06-04T17:15:29.330

Modified: 2025-06-05T20:12:23.777

Link: CVE-2025-5688

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-5688", "assignerOrgId": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "state": "PUBLISHED", "assignerShortName": "AMZN", "dateReserved": "2025-06-04T15:11:43.065Z", "datePublished": "2025-06-04T17:09:54.718Z", "dateUpdated": "2025-06-04T18:18:46.071Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://github.com/FreeRTOS/FreeRTOS-Plus-TCP", "defaultStatus": "unaffected", "packageName": "FreeRTOS-Plus-TCP", "product": "FreeRTOS", "vendor": "Amazon", "versions": [{"lessThan": "4.3.2", "status": "affected", "version": "2.3.4", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>We have identified a buffer overflow issue allowing out-of-bounds write when processing LLMNR or mDNS queries with very long DNS names. This issue only affects systems using Buffer Allocation Scheme 1 with LLMNR or mDNS enabled.</p><p><br>Users should upgrade to the latest version and ensure any forked or derivative code is patched to incorporate the new fixes. </p><br>"}], "value": "We have identified a buffer overflow issue allowing out-of-bounds write when processing LLMNR or mDNS queries with very long DNS names. This issue only affects systems using Buffer Allocation Scheme 1 with LLMNR or mDNS enabled.\n\n\nUsers should upgrade to the latest version and ensure any forked or derivative code is patched to incorporate the new fixes."}], "impacts": [{"capecId": "CAPEC-100", "descriptions": [{"lang": "en", "value": "CAPEC-100: Overflow Buffers"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "baseScore": 7.5, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-787", "description": "CWE-787: Out-of-bounds Write", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "shortName": "AMZN", "dateUpdated": "2025-06-04T17:09:54.718Z"}, "references": [{"url": "https://aws.amazon.com/security/security-bulletins/AWS-2025-012/"}], "source": {"discovery": "UNKNOWN"}, "title": "Out of Bounds Write in FreeRTOS-Plus-TCP", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-04T18:12:03.678492Z", "id": "CVE-2025-5688", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-04T18:18:46.071Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-5688", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-06-04T18:12:03.678492Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-04T18:12:05.388Z"}}], "cna": {"title": "Out of Bounds Write in FreeRTOS-Plus-TCP", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-100", "descriptions": [{"lang": "en", "value": "CAPEC-100: Overflow Buffers"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.5, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Amazon", "product": "FreeRTOS", "versions": [{"status": "affected", "version": "2.3.4", "lessThan": "4.3.2", "versionType": "semver"}], "packageName": "FreeRTOS-Plus-TCP", "collectionURL": "https://github.com/FreeRTOS/FreeRTOS-Plus-TCP", "defaultStatus": "unaffected"}], "references": [{"url": "https://aws.amazon.com/security/security-bulletins/AWS-2025-012/"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "We have identified a buffer overflow issue allowing out-of-bounds write when processing LLMNR or mDNS queries with very long DNS names. This issue only affects systems using Buffer Allocation Scheme 1 with LLMNR or mDNS enabled.\n\n\nUsers should upgrade to the latest version and ensure any forked or derivative code is patched to incorporate the new fixes.", "supportingMedia": [{"type": "text/html", "value": "<p>We have identified a buffer overflow issue allowing out-of-bounds write when processing LLMNR or mDNS queries with very long DNS names. This issue only affects systems using Buffer Allocation Scheme 1 with LLMNR or mDNS enabled.</p><p><br>Users should upgrade to the latest version and ensure any forked or derivative code is patched to incorporate the new fixes. </p><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787: Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "shortName": "AMZN", "dateUpdated": "2025-06-04T17:09:54.718Z"}}}, "cveMetadata": {"cveId": "CVE-2025-5688", "state": "PUBLISHED", "dateUpdated": "2025-06-04T18:18:46.071Z", "dateReserved": "2025-06-04T15:11:43.065Z", "assignerOrgId": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "datePublished": "2025-06-04T17:09:54.718Z", "assignerShortName": "AMZN"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "We have identified a buffer overflow issue allowing out-of-bounds write when processing LLMNR or mDNS queries with very long DNS names. This issue only affects systems using Buffer Allocation Scheme 1 with LLMNR or mDNS enabled.\n\n\nUsers should upgrade to the latest version and ensure any forked or derivative code is patched to incorporate the new fixes."}, {"lang": "es", "value": "Hemos identificado un problema de desbordamiento de b\u00fafer que permite escrituras fuera de los l\u00edmites al procesar consultas LLMNR o mDNS con nombres DNS muy largos. Este problema solo afecta a los sistemas que utilizan el Esquema de Asignaci\u00f3n de B\u00fafer 1 con LLMNR o mDNS habilitados. Los usuarios deben actualizar a la \u00faltima versi\u00f3n y asegurarse de que cualquier c\u00f3digo derivado o bifurcado est\u00e9 parcheado para incorporar las nuevas correcciones."}], "id": "CVE-2025-5688", "lastModified": "2025-06-05T20:12:23.777", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "type": "Secondary"}]}, "published": "2025-06-04T17:15:29.330", "references": [{"source": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "url": "https://aws.amazon.com/security/security-bulletins/AWS-2025-012/"}], "sourceIdentifier": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "type": "Secondary"}]}