FreeRTOS-Plus-TCP is an open-source TCP/IP stack implementation designed for FreeRTOS, providing a standard Berkeley sockets interface and supporting essential protocols. It offers two buffer allocation schemes for buffer management.

A vulnerability, CVE-2025-5688, has been identified that allows an out-of-bounds write when processing LLMNR or mDNS queries with very long DNS names. The issue only affects systems using Buffer Allocation Scheme 1 with LLMNR or mDNS enabled. The affected versions are v2.3.4 through v4.3.1 if LLMNR is used with Buffer Allocation Scheme 1, and v4.0.0 through v4.3.1 if mDNS is used with Buffer Allocation Scheme 1.

The issue has been addressed in FreeRTOS-Plus-TCP version 4.3.2. It is recommended to upgrade to the latest version and to ensure that any forked or derivative code is patched. There are no workarounds for this issue.

Purdue University collaborated on this issue through the coordinated vulnerability disclosure process. The issue is referenced as CVE-2025-5688 and GHSA-5x4f-fvv8-wr65. Any security questions or concerns can be emailed to aws-security@amazon.com.
aws.amazon.com
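A triage check for the affected combinations listed above, as an added example that is not part of the advisory or of the FreeRTOS project's code. It assumes the protocols are enabled through the `ipconfigUSE_LLMNR` and `ipconfigUSE_MDNS` macros in `FreeRTOSIPConfig.h`, that an undefined macro means disabled, and that the caller supplies the library version and the buffer allocation scheme the build links; the sample config is constructed.

```python
import re

# Affected version ranges from the advisory text (inclusive on both ends).
AFFECTED = {"LLMNR": ((2, 3, 4), (4, 3, 1)), "mDNS": ((4, 0, 0), (4, 3, 1))}
# Assumption: these FreeRTOSIPConfig.h macros switch the protocols on.
MACROS = {"LLMNR": "ipconfigUSE_LLMNR", "mDNS": "ipconfigUSE_MDNS"}

# Constructed sample config fragment, not taken from any real project.
SAMPLE_CONFIG = """
#define ipconfigUSE_LLMNR    ( 1 )
// #define ipconfigUSE_MDNS  ( 1 )
#define ipconfigUSE_MDNS     ( 0 )
"""


def parse_version(text):
    """'V4.3.1' or '4.3.1' -> (4, 3, 1)."""
    m = re.fullmatch(r"[vV]?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(p) for p in m.groups())


def enabled_protocols(config_text):
    """Return the protocols whose macro is defined to 1 or ipconfigENABLE."""
    # Drop comments first so a commented-out #define is not counted.
    text = re.sub(r"/\*.*?\*/|//[^\n]*", "", config_text, flags=re.S)
    found = set()
    for proto, macro in MACROS.items():
        pat = rf"^[ \t]*#[ \t]*define[ \t]+{macro}[ \t]+\(?[ \t]*(\w+)"
        values = re.findall(pat, text, flags=re.M)
        # Assumption: the last definition wins; no definition means disabled.
        if values and values[-1] in ("1", "ipconfigENABLE"):
            found.add(proto)
    return found


def affected_by_cve_2025_5688(version, buffer_scheme, config_text):
    """List the enabled protocols that expose this build to CVE-2025-5688."""
    if buffer_scheme != 1:  # only Buffer Allocation Scheme 1 is affected
        return []
    ver = parse_version(version)
    return sorted(p for p in enabled_protocols(config_text)
                  if AFFECTED[p][0] <= ver <= AFFECTED[p][1])


if __name__ == "__main__":
    for ver in ("V3.1.0", "V4.3.1", "V4.3.2"):
        print(ver, affected_by_cve_2025_5688(ver, 1, SAMPLE_CONFIG))
```

An empty list means the build falls outside the affected combinations; forked or derivative code still needs its own check against the 4.3.2 fix, since its version string may not reflect the upstream patch level.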
