Eclipse: >> Threadx Netx Duo >> 6.4.3 Security Vulnerabilities
In Eclipse Foundation NextX Duo before 6.4.4, a module of ThreadX, the _nx_secure_tls_process_clienthello() function was missing length verification of
certain SSL/TLS client hello message: the ciphersuite length and
compression method length. In case of an attacker-crafted message with
values outside of the expected range, it could cause an out-of-bound
read.
CVSS Score
9.1
EPSS Score
0.001
Published
2025-10-15
In NetX Duo version before 6.4.4, the component of Eclipse Foundation ThreadX, there was a potential out of bound read in _nx_secure_tls_process_clienthello() because of a missing validation of PSK length provided in the user message.
CVSS Score
5.3
EPSS Score
0.0
Published
2025-10-15
Page 2