CVE-2026-7423: Integer Underflow in ICMP Echo Reply Processing in FreeRTOS-Plus-TCP

Q: What is the severity of CVE-2026-7423?

CVE-2026-7423 has a severity rating that indicates it can lead to denial of service due to an integer underflow.

Q: How do I fix CVE-2026-7423?

To remedy CVE-2026-7423, upgrade to FreeRTOS-Plus-TCP versions 4.4.1 or 4.2.6 and ensure outgoing ping support is disabled.

Q: Who is affected by CVE-2026-7423?

CVE-2026-7423 affects users of FreeRTOS-Plus-TCP versions prior to 4.4.1 and 4.2.6.

Q: What can be the impact of CVE-2026-7423?

The impact of CVE-2026-7423 includes system crashes and denial of service when outgoing ping support is enabled.

Q: What type of vulnerability is CVE-2026-7423?

CVE-2026-7423 is classified as an integer underflow vulnerability found in the ICMP echo reply processing.

Published Apr 29, 2026

Updated

Integer underflow in the ICMP and ICMPv6 echo reply handlers in FreeRTOS-Plus-TCP before V4.4.1 and V4.2.6 allows an adjacent network user to cause a denial of service (device crash) when outgoing ping support is enabled, because header sizes are subtracted from a packet length field without validating the field is large enough, resulting in a heap out-of-bounds read of up to approximately 65KB. To mitigate this issue, users should upgrade to the fixed version when available.

Affected Software

3 affected components

Freertos FreeRTOS-Plus-TCP<4.4.1, <4.2.6

Amazon Freertos-plus-tcp>=4.0.0<4.2.6

Amazon Freertos-plus-tcp>=4.3.0<4.4.1

Remediation

Patch Available

https://github.com/FreeRTOS/FreeRTOS-Plus-TCP/security/advisories/GHSA-7r59-2pgv-9v2r

Event History

Apr 29, 2026

CVE Published

via MITRE·06:36 PM

Data Sourced

via MITRE·06:36 PM

DescriptionSeverityWeakness

Data Sourced

via NVD·07:16 PM

RemedyDescriptionSeverityWeaknessAffected Software

Frequently Asked Questions

What is the severity of CVE-2026-7423?

CVE-2026-7423 has a severity rating that indicates it can lead to denial of service due to an integer underflow.

How do I fix CVE-2026-7423?

To remedy CVE-2026-7423, upgrade to FreeRTOS-Plus-TCP versions 4.4.1 or 4.2.6 and ensure outgoing ping support is disabled.

Who is affected by CVE-2026-7423?

CVE-2026-7423 affects users of FreeRTOS-Plus-TCP versions prior to 4.4.1 and 4.2.6.

What can be the impact of CVE-2026-7423?

The impact of CVE-2026-7423 includes system crashes and denial of service when outgoing ping support is enabled.

What type of vulnerability is CVE-2026-7423?

CVE-2026-7423 is classified as an integer underflow vulnerability found in the ICMP echo reply processing.

CVSS Score

5.3Medium

Medium Severity

AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Security Metrics

Risk Score27

Severitymedium(6)

EPSS0.023%

CWE

191

Timeline

PublishedApr 29, 2026

Updated

References

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

CVE-2026-7423 - Integer Underflow in ICMP Echo Reply Processing in FreeRTOS-Plus-TCP - SecAlerts