Use After Free Vulnerability in Real Time Engineers FreeRTOS+FAT 160919a

Use After Free Vulnerability in Real Time Engineers FreeRTOS+FAT 160919a

CVE-2019-18178 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Real Time Engineers FreeRTOS+FAT 160919a has a use after free. The function FF_Close() is defined in ff_file.c. The file handler pxFile is freed by ffconfigFREE, which (by default) is a macro definition of vPortFree(), but it is reused to flush modified file content from the cache to disk by the function FF_FlushCache().

Learn more about our Web Application Penetration Testing UK.