CVE-2025-0727 Eclipse ThreadX NetX Duo HTTP server single PUT request integer underflow

In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.2, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content-Length in one packet smaller than the data request size of the...

CVE-2025-0728 Eclipse ThreadX NetX Duo HTTP server single PUT request integer underflow

In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.2, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content-Length smaller than the data request size. A possible workaroun...

CVE-2025-0728 Eclipse ThreadX NetX Duo HTTP server single PUT request integer underflow

In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.2, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content-Length smaller than the data request size. A possible workaroun...

CVE-2025-0728

The CVE-2025-0728 issue affects the NetX HTTP server in Eclipse ThreadX NetX Duo prior to version 6.4.2. A crafted network packet with Content-Length smaller than the data can trigger an integer underflow in the HTTP PUT path, leading to a denial of service. A workaround is to disable HTTP PUT su...

CVE-2025-0726

In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.2, an attacker can cause a denial of service by specially crafted packets. The core issue is missing closing of a file in case of an error condition, resulting in the 404 error for each further file request. Users ca...

CVE-2025-0726

In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.2, an attacker can cause a denial of service by specially crafted packets. The core issue is missing closing of a file in case of an error condition, resulting in the 404 error for each further file request. Users ca...

CVE-2025-0726 Eclipse ThreadX NetX Duo HTTP server denial of service

In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.2, an attacker can cause a denial of service by specially crafted packets. The core issue is missing closing of a file in case of an error condition, resulting in the 404 error for each further file request. Users ca...

CVE-2025-0726 Eclipse ThreadX NetX Duo HTTP server denial of service

In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.2, an attacker can cause a denial of service by specially crafted packets. The core issue is missing closing of a file in case of an error condition, resulting in the 404 error for each further file request. Users ca...

CVE-2025-0726

The CVE-2025-0726 family affects Eclipse ThreadX NetX Duo’s NetX HTTP server. A vulnerability in the HTTP server functionality (NetX) — prior to 6.4.2 for CVE-2025-0726 and prior to 6.4.3 for CVE-2025-2260 — arises from a missing closure of a file when an error occurs, causing a denial of service...

Eclipse ThreadX NetX Duo 安全漏洞

Eclipse ThreadX NetX Duo is an IPv4 and IPv6 dual network stack for Eclipse ThreadX open source. A security vulnerability exists in Eclipse ThreadX NetX Duo prior to version 6.4.2, which stems from an issue included in the NetX HTTP server functionality that could lead to a denial of service...

PT-2025-7469 · Eclipse · Eclipse Threadx Netx Duo

Name of the Vulnerable Software and Affected Versions: Eclipse ThreadX NetX Duo versions prior to 6.4.2 Description: The issue allows an attacker to cause an integer underflow and a subsequent denial of service by writing a very large file or by sending specially crafted packets with Content-Leng...

Eclipse ThreadX NetX Duo 安全漏洞

Eclipse ThreadX NetX Duo is an IPv4 and IPv6 dual network stack for Eclipse ThreadX open source. A security vulnerability exists in Eclipse ThreadX NetX Duo prior to version 6.4.2, which stems from a buffer overflow issue included in the NetX HTTP server functionality...

Eclipse ThreadX NetX Duo 安全漏洞

Eclipse ThreadX NetX Duo is an IPv4 and IPv6 dual network stack for Eclipse ThreadX open source. A security vulnerability exists in Eclipse ThreadX NetX Duo prior to version 6.4.2, which stems from a buffer overflow issue included in the NetX HTTP server functionality...

PT-2025-7470 · Eclipse · Eclipse Threadx Netx Duo

Name of the Vulnerable Software and Affected Versions: Eclipse ThreadX NetX Duo versions prior to 6.4.2 Description: The issue allows an attacker to cause an integer underflow and a subsequent denial of service by writing a very large file or by sending specially crafted packets with Content-Leng...

PT-2025-7468 · Eclipse · Eclipse Threadx Netx Duo

Name of the Vulnerable Software and Affected Versions: Eclipse ThreadX NetX Duo versions prior to 6.4.2 Description: The issue is related to the NetX HTTP server functionality, where an attacker can cause a denial of service by sending specially crafted packets. This is due to a missing closing o...

CVE-2024-2212

In Eclipse ThreadX before 6.4.0, xQueueCreate and xQueueCreateSet functions from the FreeRTOS compatibility API utility/rtoscompatibilitylayers/FreeRTOS/txfreertos.c were missing parameter checks. This could lead to integer wraparound, under-allocations and heap buffer overflows...

Eclipse ThreadX Buffer Overflows

-- HNS-2024-06 - HN Security Advisory - https://security.humanativaspa.it/ Title: Multiple vulnerabilities in Eclipse ThreadX OS: Eclipse ThreadX Date: 2024-05-28 CVE IDs and severity: CVE-2024-2214 - High - 7.0 - CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2024-2212 - High - 7.3 -...

CVE-2024-2212

In Eclipse ThreadX before 6.4.0, xQueueCreate and xQueueCreateSet functions from the FreeRTOS compatibility API utility/rtoscompatibilitylayers/FreeRTOS/txfreertos.c were missing parameter checks. This could lead to integer wraparound, under-allocations and heap buffer overflows...

CVE-2024-2212

In Eclipse ThreadX before 6.4.0, xQueueCreate and xQueueCreateSet functions from the FreeRTOS compatibility API utility/rtoscompatibilitylayers/FreeRTOS/txfreertos.c were missing parameter checks. This could lead to integer wraparound, under-allocations and heap buffer overflows...

CVE-2024-2214

In Eclipse ThreadX before version 6.4.0, the Mtxinit function in the Xtensa port was missing an array size check causing a memory overwrite. The affected file was ports/xtensa/xcc/src/txcliblock.c...