20 matches found
CVE-2025-2260
Summary: CVE-2025-2260 affects the NetX Duo HTTP server component in Eclipse ThreadX NetX Duo (netxduo) prior to 6.4.3. The root cause is a missing file close after an error during PUT handling, causing the server to respond with 404 for subsequent file requests. Affects both NetX Duo Web Compone...
CVE-2025-2259
The TALOS report confirms a concrete vulnerability: Eclipse ThreadX NetX Duo HTTP server PUT handling can trigger an integer underflow in _nx_web_http_server_put_process when Content-Length in the first packet is smaller than data in the second, potentially writing a very large file and causing d...
CVE-2025-2258
NetX Duo HTTP server (Eclipse ThreadX NetX Duo) is affected for versions before 6.4.3. The issue is an integer underflow in the PUT handling path, where a Content-Length smaller than the actual data leads to underflow in the length calculation inside _nx_web_http_server_put_process, causing the s...
CVE-2025-0728
The CVE-2025-0728 issue affects the NetX HTTP server in Eclipse ThreadX NetX Duo prior to version 6.4.2. A crafted network packet with Content-Length smaller than the data can trigger an integer underflow in the HTTP PUT path, leading to a denial of service. A workaround is to disable HTTP PUT su...
CVE-2025-0727
The CVE-2025-0727 entry concerns the Eclipse ThreadX NetX Duo NetX HTTP server, which allows an attacker to trigger an integer underflow and DoS by sending crafted HTTP PUT requests with mismatched Content-Length. Affected: NetX Duo before version 6.4.2 (per CVE-2025-0727); related follow-ups indicate an in...
CVE-2024-2452
In Eclipse ThreadX NetX Duo prior to 6.4.0, an attacker who can control parameters of the __portable_aligned_alloc() function may trigger an integer wrap-around with an under-sized allocation, enabling subsequent heap buffer overflows. Affected software: Eclipse ThreadX NetX Duo (pre-6.4.0). Root...
CVE-2025-0726
The CVE-2025-0726 family affects Eclipse ThreadX NetX Duo’s NetX HTTP server. A vulnerability in the HTTP server functionality (NetX) — prior to 6.4.2 for CVE-2025-0726 and prior to 6.4.3 for CVE-2025-2260 — arises from a missing closure of a file when an error occurs, causing a denial of service...
CVE-2025-55102
Technical details about CVE-2025-55102 are not publicly provided in the supplied documents. Monitor for updates from vendors and security advisories.
CVE-2025-55082
NetX Duo (Eclipse Foundation ThreadX) before 6.4.4 is affected by an out-of-bounds read in _nx_secure_tls_process_clienthello() due to missing validation of PSK length in the user message. This is described across multiple sources (NVD, Red Hat, OSV, CVE lists, CNNVD). The impact is a potential i...
CVE-2025-55091
CVE-2025-55091 affects NetX Duo prior to 6.4.4 (Eclipse ThreadX networking stack). The issue is an out-of-bounds read in _nx_ip_packet_receive() when an Ethernet frame has type IP but carries no IP data. This is a software defect in the networking support module, with possible impact on affected ...
CVE-2025-55085
In NetX Duo prior to 6.4.4, the HTTP client module’s handling of HTTP header fields in the Eclipse Foundation ThreadX network support code lacks bounds verification. This can be triggered by a crafted server response and leads to undefined behavior. Affected product/version: NetX Duo
CVE-2025-55084
CVE-2025-55084 affects NetX Duo (Eclipse Foundation ThreadX) prior to 6.4.4. The vulnerability is an incorrect bound check in nx_secure_tls_proc_clienthello_supported_versions_extension(), specifically in the extension version field, described in several sources as an out-of-bounds read. The conn...
CVE-2025-55086
CVE-2025-55086 affects NetX Duo (Eclipse Foundation ThreadX) prior to v6.4.4. The DHCPv6 client contains an unchecked index when extracting the server DUID from the server reply, enabling a crafted network packet to cause an out-of-memory read. Multiple sources (NVD, Red Hat, OSV, CNNVD, CIRCL) co...
CVE-2025-55090
In NetX Duo (Eclipse ThreadX) before version 6.4.4, there is a potential out-of-bounds read in the IPv4 packet path. Specifically, the _nx_ipv4_packet_receive() function can read outside the IP payload when an Ethernet frame is received that contains less than 4 bytes of IP data. This vulnerabili...
CVE-2025-55092
CVE-2025-55092 affects Eclipse Foundation NetX Duo prior to 6.4.4, a networking stack for Eclipse ThreadX. The issue is a potential out-of-bounds read in the IPv4 handling path: in the function _nx_ipv4_option_process(), triggered when processing an IPv4 packet with the timestamp option. The Red ...
CVE-2025-55083
CVE-2025-55083 affects NetX Duo (Eclipse Foundation ThreadX component) in versions before 6.4.4. A bound-check error leads to an out-of-bounds read (two units). Affected scope and impact are stated across multiple sources (NVD, Red Hat, OSV, CVE lists). Root cause: incorrect bound check in the re...
CVE-2025-55087
Summary of CVE-2025-55087: The vulnerability affects NetX Duo’s SNMP addon (part of Eclipse ThreadX) in versions prior to 6.4.4. An attacker could trigger an out-of-bounds read by sending crafted SNMPv3 security parameters. Public data from NVD and other sources describe the sa...
CVE-2025-55093
The CVE-2025-55093 entry describes a vulnerability in NetX Duo (Eclipse ThreadX) where the networking module (_nx_ipv4_packet_receive) could perform an out-of-bounds read while handling unicast DHCP messages, potentially corrupting 4 bytes of memory. Affected product: NetX Duo prior to version 6....
CVE-2025-55094
CVE-2025-55094: NetX Duo (Eclipse ThreadX networking support module) prior to 6.4.4 has a potential out-of-bounds read in _nx_icmpv6_validate_options() while handling a packet with ICMP6 options. Affected products are NetX Duo in Eclipse ThreadX; impact is an out-of-bounds read (privacy impact n...
CVE-2025-55081
CVE-2025-55081 affects Eclipse Foundation NetX Duo (ThreadX module) prior to version 6.4.4. The vulnerability is in the _nx_secure_tls_process_clienthello() function, which omits length verification for certain SSL/TLS client_hello fields (ciphersuite length and compression method length). Attac...