Eclipse: Security Vulnerabilities
In NextX Duo's snmp addon versions before 6.4.4, a part of the Eclipse Foundation ThreadX, an attacker could cause an out-of-bound read by a crafted SNMPv3 security parameters.
CVSS Score
6.3
EPSS Score
0.004
Published
2025-10-17
In Eclipse Foundation NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_ipv4_option_process() when processing an IPv4 packet with the timestamp option.
CVSS Score
6.9
EPSS Score
0.003
Published
2025-10-17
In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_ipv4_packet_receive() when handling unicast DHCP messages that could cause corruption of 4 bytes of memory.
CVSS Score
6.9
EPSS Score
0.003
Published
2025-10-17
In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_ip_packet_receive() function when received an Ethernet with type set as IP but no IP data.
CVSS Score
6.9
EPSS Score
0.003
Published
2025-10-16
In NetX Duo version before 6.4.4, the component of Eclipse Foundation ThreadX, there was an incorrect bound check in_nx_secure_tls_proc_clienthello_supported_versions_extension() in the extension version field.
CVSS Score
6.9
EPSS Score
0.003
Published
2025-10-16
In FileX before 6.4.2, the file support module for Eclipse Foundation ThreadX, there was a possible buffer overflow in the FileX RAM disk driver. It could cause a remote execurtion after receiving a crafted sequence of packets
CVSS Score
9.2
EPSS Score
0.005
Published
2025-10-16
In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_ipv4_packet_receive() function when received an Ethernet frame with less than 4 bytes of IP packet.
CVSS Score
6.9
EPSS Score
0.003
Published
2025-10-16
In NetX Duo version before 6.4.4, the component of Eclipse Foundation ThreadX, there was an incorrect bound check resulting it out by two out of bound read.
CVSS Score
6.9
EPSS Score
0.002
Published
2025-10-15
In Eclipse Foundation NextX Duo before 6.4.4, a module of ThreadX, the _nx_secure_tls_process_clienthello() function was missing length verification of
certain SSL/TLS client hello message: the ciphersuite length and
compression method length. In case of an attacker-crafted message with
values outside of the expected range, it could cause an out-of-bound
read.
CVSS Score
6.9
EPSS Score
0.003
Published
2025-10-15
In NetX Duo version before 6.4.4, the component of Eclipse Foundation ThreadX, there was a potential out of bound read in _nx_secure_tls_process_clienthello() because of a missing validation of PSK length provided in the user message.
CVSS Score
6.9
EPSS Score
0.002
Published
2025-10-15