Eclipse

Threadx Netx Duo

19 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2025-55082

  • EPSS 0.04%
  • Veröffentlicht 15.10.2025 11:15:39
  • Zuletzt bearbeitet 21.10.2025 16:59:38

In NetX Duo version before 6.4.4, the component of Eclipse Foundation ThreadX, there was a potential out of bound read in _nx_secure_tls_process_clienthello() because of a missing validation of PSK length provided in the user message.

9.1

CVE-2025-55081

  • EPSS 0.07%
  • Veröffentlicht 15.10.2025 10:46:05
  • Zuletzt bearbeitet 27.10.2025 19:03:20

In Eclipse Foundation NextX Duo before 6.4.4, a module of ThreadX, the _nx_secure_tls_process_clienthello() function was missing length verification of certain SSL/TLS client hello message: the ciphersuite length and compression method length. In c...

7.5

CVE-2025-2260

  • EPSS 0.06%
  • Veröffentlicht 06.04.2025 19:15:41
  • Zuletzt bearbeitet 31.07.2025 16:31:39

In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.3, an attacker can cause a denial of service by specially crafted packets. The core issue is missing closing of a file in case of an error condition, resulting in the...

7.5

CVE-2025-2259

  • EPSS 0.06%
  • Veröffentlicht 06.04.2025 19:15:41
  • Zuletzt bearbeitet 31.07.2025 16:34:08

In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.3, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content-Length in one...

7.5

CVE-2025-2258

  • EPSS 0.06%
  • Veröffentlicht 06.04.2025 18:50:42
  • Zuletzt bearbeitet 31.07.2025 16:34:14

In NetX Duo component HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.3, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content...

7.5

CVE-2025-0728

  • EPSS 0.11%
  • Veröffentlicht 21.02.2025 09:15:10
  • Zuletzt bearbeitet 31.07.2025 16:33:10

In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.2, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content-Length smalle...

7.5

CVE-2025-0727

  • EPSS 0.11%
  • Veröffentlicht 21.02.2025 09:15:09
  • Zuletzt bearbeitet 31.07.2025 16:33:00

In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.2, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content-Length in one...

7.5

CVE-2025-0726

  • EPSS 0.11%
  • Veröffentlicht 21.02.2025 08:15:28
  • Zuletzt bearbeitet 31.07.2025 16:32:38

In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.2, an attacker can cause a denial of service by specially crafted packets. The core issue is missing closing of a file in case of an error condition, resulting in the...

9.8

CVE-2024-2452

  • EPSS 0.14%
  • Veröffentlicht 26.03.2024 16:15:13
  • Zuletzt bearbeitet 13.02.2025 18:17:53

In Eclipse ThreadX NetX Duo before 6.4.0, if an attacker can control parameters of __portable_aligned_alloc() could cause an integer wrap-around and an allocation smaller than expected. This could cause subsequent heap buffer overflows.