214 matches found
The Cost of Performance: Breaking ThreadX with Kernel Object Masquerading Attacks
Microcontroller-based IoT devices often use embedded real-time operating systems RTOSs. Vulnerabilities in these embedded RTOSs can lead to compromises of those IoT devices. Despite the significance of security protections, the absence of standardized security guidelines results in various levels...
Eclipse and STMicroelectronics vulnerabilities
Cisco Talos' Vulnerability Discovery & Research team recently disclosed three vulnerabilities found in Eclipse ThreadX and four vulnerabilities in the STMicroelectronics fork of ThreadX called X-CUBE-AZRTOS. The vulnerabilities mentioned in this blog post have been patched by their respective...
Eclipse ThreadX NetX Duo HTTP server chunked PUT request integer underflow vulnerability
Talos Vulnerability Report TALOS-2024-2104 Eclipse ThreadX NetX Duo HTTP server chunked PUT request integer underflow vulnerability April 14, 2025 CVE Number None,CVE-2025-2259 SUMMARY An integer underflow vulnerability exists in the HTTP server PUT request functionality of Eclipse ThreadX NetX D...
Eclipse ThreadX NetX Duo HTTP server denial of service vulnerability
Talos Vulnerability Report TALOS-2024-2098 Eclipse ThreadX NetX Duo HTTP server denial of service vulnerability April 14, 2025 CVE Number CVE-2025-2260,None SUMMARY A denial of service vulnerability exists in the NetX HTTP server functionality of Eclipse ThreadX NetX Duo git commit 6c8e9d1. A...
Eclipse ThreadX NetX Duo HTTP server single PUT request integer underflow vulnerability
Talos Vulnerability Report TALOS-2024-2105 Eclipse ThreadX NetX Duo HTTP server single PUT request integer underflow vulnerability April 14, 2025 CVE Number None,CVE-2025-2258 SUMMARY An integer underflow vulnerability exists in the HTTP server PUT request functionality of Eclipse ThreadX NetX Du...
CVE-2025-2260
In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.3, an attacker can cause a denial of service by specially crafted packets. The core issue is missing closing of a file in case of an error condition, resulting in the 404 error for each further file request. Users ca...
CVE-2025-2258
In NetX Duo component HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.3, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content-Length smaller than the data request size. A...
CVE-2025-2260
In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.3, an attacker can cause a denial of service by specially crafted packets. The core issue is missing closing of a file in case of an error condition, resulting in the 404 error for each further file request. Users ca...
CVE-2025-2259
In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.3, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content-Length in one packet smaller than the data request size of the...
CVE-2025-2259
In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.3, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content-Length in one packet smaller than the data request size of the...
CVE-2025-2258
In NetX Duo component HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.3, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content-Length smaller than the data request size. A...
CVE-2025-2258
In NetX Duo component HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.3, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content-Length smaller than the data request size. A...
CVE-2025-2259
The TALOS report confirms a concrete vulnerability: Eclipse ThreadX NetX Duo HTTP server PUT handling can trigger an integer underflow in _nx_web_http_server_put_process when Content-Length in the first packet is smaller than data in the second, potentially writing a very large file and causing d...
CVE-2025-2259 Eclipse ThreadX NetX Duo component HTTP server single PUT request integer underflow
In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.3, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content-Length in one packet smaller than the data request size of the...
CVE-2025-2259 Eclipse ThreadX NetX Duo component HTTP server single PUT request integer underflow
In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.3, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content-Length in one packet smaller than the data request size of the...
CVE-2025-2260 Eclipse ThreadX NetX Duo HTTP component server denial of service
In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.3, an attacker can cause a denial of service by specially crafted packets. The core issue is missing closing of a file in case of an error condition, resulting in the 404 error for each further file request. Users ca...
CVE-2025-2260
Summary: CVE-2025-2260 affects the NetX Duo HTTP server component in Eclipse ThreadX NetX Duo (netxduo) prior to 6.4.3. The root cause is a missing file close after an error during PUT handling, causing the server to respond with 404 for subsequent file requests. Affects both NetX Duo Web Compone...
CVE-2025-2260 Eclipse ThreadX NetX Duo HTTP component server denial of service
In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.3, an attacker can cause a denial of service by specially crafted packets. The core issue is missing closing of a file in case of an error condition, resulting in the 404 error for each further file request. Users ca...
CVE-2025-2258 Eclipse ThreadX NetX Duo HTTP server single PUT request integer underflow
In NetX Duo component HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.3, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content-Length smaller than the data request size. A...
CVE-2025-2258
NetX Duo HTTP server (Eclipse ThreadX NetX Duo) is affected for versions before 6.4.3. The issue is an integer underflow in the PUT handling path, where a Content-Length smaller than the actual data leads to underflow in the length calculation inside _nx_web_http_server_put_process, causing the s...