Vulnerabilities
Vulnerable Software
In NetX Duo versions before 6.4.4, a component of Eclipse Foundation ThreadX, an incorrect bounds check resulted in an out-by-two out-of-bounds read.
CVSS Score
6.9
EPSS Score
0.0
Published
2025-10-15
In Eclipse Foundation NetX Duo before 6.4.4, a module of ThreadX, the _nx_secure_tls_process_clienthello() function was missing length verification of certain SSL/TLS client hello message fields: the ciphersuite length and the compression method length. An attacker-crafted message with values outside the expected range could cause an out-of-bounds read.
CVSS Score
6.9
EPSS Score
0.001
Published
2025-10-15
In NetX Duo versions before 6.4.4, a component of Eclipse Foundation ThreadX, there was a potential out-of-bounds read in _nx_secure_tls_process_clienthello() because of missing validation of the PSK length provided in the user message.
CVSS Score
6.9
EPSS Score
0.0
Published
2025-10-15

