ThreadX
CVEs (14)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-55086 | Cri | 0.64 | 9.8 | 0.00 | Oct 20, 2025 | In NetXDuo version before 6.4.4, a networking support module for Eclipse Foundation ThreadX, in the DHCPV6 client there was an unchecked index extracting the server DUID from the server reply. With a crafted packet, an attacker could cause an out of memory read. | ||
| CVE-2025-55089 | Cri | 0.64 | 9.8 | 0.00 | Oct 16, 2025 | In FileX before 6.4.2, the file support module for Eclipse Foundation ThreadX, there was a possible buffer overflow in the FileX RAM disk driver. It could cause a remote execurtion after receiving a crafted sequence of packets | ||
| CVE-2025-55100 | Cri | 0.59 | 9.1 | 0.01 | Oct 17, 2025 | In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _ux_host_class_audio10_sam_parse_func() when parsing a list of sampling frequencies. | ||
| CVE-2025-55085 | Hig | 0.49 | 7.5 | 0.01 | Oct 17, 2025 | In NextX Duo before 6.4.4, in the HTTP client module, the network support code for Eclipse Foundation ThreadX, the parsing of HTTP header fields was missing bounds verification. A crafted server response could cause undefined behavior. | ||
| CVE-2025-55094 | Hig | 0.49 | 7.5 | 0.00 | Oct 17, 2025 | In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_icmpv6_validate_options() when handling a packet with ICMP6 options. | ||
| CVE-2025-55087 | Hig | 0.49 | 7.5 | 0.00 | Oct 17, 2025 | In NextX Duo's snmp addon versions before 6.4.4, a part of the Eclipse Foundation ThreadX, an attacker could cause an out-of-bound read by a crafted SNMPv3 security parameters. | ||
| CVE-2025-55090 | Med | 0.42 | 6.5 | 0.00 | Oct 16, 2025 | In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_ipv4_packet_receive() function when received an Ethernet frame with less than 4 bytes of IP packet. | ||
| CVE-2025-55099 | Med | 0.40 | 6.1 | 0.00 | Oct 17, 2025 | In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _ux_host_class_audio_alternate_setting_locate() when parsing a descriptor with attacker-controlled frequency fields. | ||
| CVE-2025-55098 | Med | 0.40 | 6.1 | 0.00 | Oct 17, 2025 | In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _ux_host_class_audio_device_type_get() when parsing a descriptor of an USB audio device. | ||
| CVE-2025-55097 | Med | 0.40 | 6.1 | 0.00 | Oct 17, 2025 | In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _ux_host_class_audio_streaming_sampling_get() when parsing a descriptor of an USB streaming device. | ||
| CVE-2025-55096 | Med | 0.40 | 6.1 | 0.00 | Oct 17, 2025 | In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _ux_host_class_hid_report_descriptor_get() when parsing a descriptor of an USB HID device. | ||
| CVE-2025-55093 | Med | 0.34 | 5.3 | 0.00 | Oct 17, 2025 | In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_ipv4_packet_receive() when handling unicast DHCP messages that could cause corruption of 4 bytes of memory. | ||
| CVE-2025-55084 | Med | 0.34 | 5.3 | 0.00 | Oct 16, 2025 | In NetX Duo version before 6.4.4, the component of Eclipse Foundation ThreadX, there was an incorrect bound check in_nx_secure_tls_proc_clienthello_supported_versions_extension() in the extension version field. | ||
| CVE-2025-55082 | Med | 0.34 | 5.3 | 0.00 | Oct 15, 2025 | In NetX Duo version before 6.4.4, the component of Eclipse Foundation ThreadX, there was a potential out of bound read in _nx_secure_tls_process_clienthello() because of a missing validation of PSK length provided in the user message. |
- risk 0.64cvss 9.8epss 0.00
In NetXDuo version before 6.4.4, a networking support module for Eclipse Foundation ThreadX, in the DHCPV6 client there was an unchecked index extracting the server DUID from the server reply. With a crafted packet, an attacker could cause an out of memory read.
- risk 0.64cvss 9.8epss 0.00
In FileX before 6.4.2, the file support module for Eclipse Foundation ThreadX, there was a possible buffer overflow in the FileX RAM disk driver. It could cause a remote execurtion after receiving a crafted sequence of packets
- risk 0.59cvss 9.1epss 0.01
In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _ux_host_class_audio10_sam_parse_func() when parsing a list of sampling frequencies.
- risk 0.49cvss 7.5epss 0.01
In NextX Duo before 6.4.4, in the HTTP client module, the network support code for Eclipse Foundation ThreadX, the parsing of HTTP header fields was missing bounds verification. A crafted server response could cause undefined behavior.
- risk 0.49cvss 7.5epss 0.00
In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_icmpv6_validate_options() when handling a packet with ICMP6 options.
- risk 0.49cvss 7.5epss 0.00
In NextX Duo's snmp addon versions before 6.4.4, a part of the Eclipse Foundation ThreadX, an attacker could cause an out-of-bound read by a crafted SNMPv3 security parameters.
- risk 0.42cvss 6.5epss 0.00
In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_ipv4_packet_receive() function when received an Ethernet frame with less than 4 bytes of IP packet.
- risk 0.40cvss 6.1epss 0.00
In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _ux_host_class_audio_alternate_setting_locate() when parsing a descriptor with attacker-controlled frequency fields.
- risk 0.40cvss 6.1epss 0.00
In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _ux_host_class_audio_device_type_get() when parsing a descriptor of an USB audio device.
- risk 0.40cvss 6.1epss 0.00
In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _ux_host_class_audio_streaming_sampling_get() when parsing a descriptor of an USB streaming device.
- risk 0.40cvss 6.1epss 0.00
In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _ux_host_class_hid_report_descriptor_get() when parsing a descriptor of an USB HID device.
- risk 0.34cvss 5.3epss 0.00
In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_ipv4_packet_receive() when handling unicast DHCP messages that could cause corruption of 4 bytes of memory.
- risk 0.34cvss 5.3epss 0.00
In NetX Duo version before 6.4.4, the component of Eclipse Foundation ThreadX, there was an incorrect bound check in_nx_secure_tls_proc_clienthello_supported_versions_extension() in the extension version field.
- risk 0.34cvss 5.3epss 0.00
In NetX Duo version before 6.4.4, the component of Eclipse Foundation ThreadX, there was a potential out of bound read in _nx_secure_tls_process_clienthello() because of a missing validation of PSK length provided in the user message.