CVE-2025-55084
- EPSS 0.3%
- Veröffentlicht 16.10.2025 06:29:35
- Zuletzt bearbeitet 21.10.2025 17:06:58
In NetX Duo version before 6.4.4, the component of Eclipse Foundation ThreadX, there was an incorrect bound check in_nx_secure_tls_proc_clienthello_supported_versions_extension() in the extension version field.
CVE-2025-55083
- EPSS 0.23%
- Veröffentlicht 15.10.2025 14:11:23
- Zuletzt bearbeitet 21.10.2025 17:04:27
In NetX Duo version before 6.4.4, the component of Eclipse Foundation ThreadX, there was an incorrect bound check resulting it out by two out of bound read.
CVE-2025-55082
- EPSS 0.23%
- Veröffentlicht 15.10.2025 11:15:39
- Zuletzt bearbeitet 21.10.2025 16:59:38
In NetX Duo version before 6.4.4, the component of Eclipse Foundation ThreadX, there was a potential out of bound read in _nx_secure_tls_process_clienthello() because of a missing validation of PSK length provided in the user message.
CVE-2025-55081
- EPSS 0.34%
- Veröffentlicht 15.10.2025 10:46:05
- Zuletzt bearbeitet 27.10.2025 19:03:20
In Eclipse Foundation NextX Duo before 6.4.4, a module of ThreadX, the _nx_secure_tls_process_clienthello() function was missing length verification of certain SSL/TLS client hello message: the ciphersuite length and compression method length. In c...
CVE-2025-2260
- EPSS 0.88%
- Veröffentlicht 06.04.2025 19:15:41
- Zuletzt bearbeitet 31.07.2025 16:31:39
In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.3, an attacker can cause a denial of service by specially crafted packets. The core issue is missing closing of a file in case of an error condition, resulting in the...
CVE-2025-2259
- EPSS 0.88%
- Veröffentlicht 06.04.2025 19:15:41
- Zuletzt bearbeitet 31.07.2025 16:34:08
In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.3, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content-Length in one...
CVE-2025-2258
- EPSS 0.88%
- Veröffentlicht 06.04.2025 18:50:42
- Zuletzt bearbeitet 31.07.2025 16:34:14
In NetX Duo component HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.3, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content...
CVE-2025-0728
- EPSS 0.7%
- Veröffentlicht 21.02.2025 09:15:10
- Zuletzt bearbeitet 31.07.2025 16:33:10
In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.2, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content-Length smalle...
CVE-2025-0727
- EPSS 0.7%
- Veröffentlicht 21.02.2025 09:15:09
- Zuletzt bearbeitet 31.07.2025 16:33:00
In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.2, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content-Length in one...
CVE-2025-0726
- EPSS 0.7%
- Veröffentlicht 21.02.2025 08:15:28
- Zuletzt bearbeitet 31.07.2025 16:32:38
In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.2, an attacker can cause a denial of service by specially crafted packets. The core issue is missing closing of a file in case of an error condition, resulting in the...