Vulnerabilities (CVE)

Filtered by vendor Eclipse Subscribe
Filtered by product Threadx Netx Duo
Total 17 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-55094 1 Eclipse 1 Threadx Netx Duo 2025-10-24 N/A 7.5 HIGH
In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_icmpv6_validate_options() when handling a packet with ICMP6 options.
CVE-2025-55087 1 Eclipse 1 Threadx Netx Duo 2025-10-24 N/A 7.5 HIGH
In NextX Duo's snmp addon versions before 6.4.4, a part of the Eclipse Foundation ThreadX, an attacker could cause an out-of-bound read by a crafted SNMPv3 security parameters.
CVE-2025-55093 1 Eclipse 1 Threadx Netx Duo 2025-10-24 N/A 5.3 MEDIUM
In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_ipv4_packet_receive() when handling unicast DHCP messages that could cause corruption of 4 bytes of memory.
CVE-2025-55092 1 Eclipse 1 Threadx Netx Duo 2025-10-24 N/A 5.3 MEDIUM
In Eclipse Foundation NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_ipv4_option_process() when processing an IPv4 packet with the timestamp option.
CVE-2025-55086 1 Eclipse 1 Threadx Netx Duo 2025-10-24 N/A 9.8 CRITICAL
In NetXDuo version before 6.4.4, a networking support module for Eclipse Foundation ThreadX, in the DHCPV6 client there was an unchecked index extracting the server DUID from the server reply. With a crafted packet, an attacker could cause an out of memory read.
CVE-2025-55091 1 Eclipse 1 Threadx Netx Duo 2025-10-21 N/A 6.5 MEDIUM
In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_ip_packet_receive() function when received an Ethernet with type set as IP but no IP data.
CVE-2025-55090 1 Eclipse 1 Threadx Netx Duo 2025-10-21 N/A 6.5 MEDIUM
In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_ipv4_packet_receive() function when received an Ethernet frame with less than 4 bytes of IP packet.
CVE-2025-55084 1 Eclipse 1 Threadx Netx Duo 2025-10-21 N/A 5.3 MEDIUM
In NetX Duo version before 6.4.4, the component of Eclipse Foundation ThreadX, there was an incorrect bound check in_nx_secure_tls_proc_clienthello_supported_versions_extension() in the extension version field.
CVE-2025-55083 1 Eclipse 1 Threadx Netx Duo 2025-10-21 N/A 5.3 MEDIUM
In NetX Duo version before 6.4.4, the component of Eclipse Foundation ThreadX, there was an incorrect bound check resulting it out by two out of bound read.
CVE-2025-55082 1 Eclipse 1 Threadx Netx Duo 2025-10-21 N/A 5.3 MEDIUM
In NetX Duo version before 6.4.4, the component of Eclipse Foundation ThreadX, there was a potential out of bound read in _nx_secure_tls_process_clienthello() because of a missing validation of PSK length provided in the user message.
CVE-2025-2258 1 Eclipse 1 Threadx Netx Duo 2025-07-31 N/A 7.5 HIGH
In NetX Duo component HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.3, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content-Length smaller than the data request size. A possible workaround is to disable HTTP PUT support. This issue follows an uncomplete fix in CVE-2025-0728.
CVE-2025-2259 1 Eclipse 1 Threadx Netx Duo 2025-07-31 N/A 7.5 HIGH
In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.3, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content-Length in one packet smaller than the data request size of the other packet. A possible workaround is to disable HTTP PUT support. This issue follows an incomplete fix of CVE-2025-0727
CVE-2025-0728 1 Eclipse 1 Threadx Netx Duo 2025-07-31 N/A 7.5 HIGH
In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.2, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content-Length smaller than the data request size. A possible workaround is to disable HTTP PUT support.
CVE-2025-0727 1 Eclipse 1 Threadx Netx Duo 2025-07-31 N/A 7.5 HIGH
In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.2, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content-Length in one packet smaller than the data request size of the other packet. A possible workaround is to disable HTTP PUT support.
CVE-2025-0726 1 Eclipse 1 Threadx Netx Duo 2025-07-31 N/A 7.5 HIGH
In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.2, an attacker can cause a denial of service by specially crafted packets. The core issue is missing closing of a file in case of an error condition, resulting in the 404 error for each further file request. Users can work-around the issue by disabling the PUT request support.
CVE-2025-2260 1 Eclipse 1 Threadx Netx Duo 2025-07-31 N/A 7.5 HIGH
In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.3, an attacker can cause a denial of service by specially crafted packets. The core issue is missing closing of a file in case of an error condition, resulting in the 404 error for each further file request. Users can work-around the issue by disabling the PUT request support. This issue follows an incomplete fix of CVE-2025-0726.
CVE-2024-2452 1 Eclipse 1 Threadx Netx Duo 2025-02-13 N/A 7.0 HIGH
In Eclipse ThreadX NetX Duo before 6.4.0, if an attacker can control parameters of __portable_aligned_alloc() could cause an integer wrap-around and an allocation smaller than expected. This could cause subsequent heap buffer overflows.