VYPR

Threadx

by Eclipse

Source repositories

CVEs (20)

  • CVE-2026-0648HigJan 27, 2026
    risk 0.51cvss 7.8epss 0.00

    The vulnerability stems from an incorrect error-checking logic in the CreateCounter() function (in threadx/utility/rtos_compatibility_layers/OSEK/tx_osek.c) when handling the return value of osek_get_counter(). Specifically, the current code checks if cntr_id equals 0u to…

  • CVE-2025-55095MedJan 27, 2026
    risk 0.27cvss 4.2epss 0.00

    The function _ux_host_class_storage_media_mount() is responsible for mounting partitions on a USB mass storage device. When it encounters an extended partition entry in the partition table, it recursively calls itself to mount the next logical partition. This recursion occurs…

  • CVE-2025-55099Oct 17, 2025
    risk 0.00cvss epss 0.00

    In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _ux_host_class_audio_alternate_setting_locate() when parsing a descriptor with attacker-controlled frequency fields.

  • CVE-2025-55094Oct 17, 2025
    risk 0.00cvss epss 0.00

    In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_icmpv6_validate_options() when handling a packet with ICMP6 options.

  • CVE-2025-55093Oct 17, 2025
    risk 0.00cvss epss 0.00

    In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_ipv4_packet_receive() when handling unicast DHCP messages that could cause corruption of 4 bytes of memory.

  • CVE-2025-55090Oct 16, 2025
    risk 0.00cvss epss 0.00

    In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_ipv4_packet_receive() function when received an Ethernet frame with less than 4 bytes of IP packet.

  • CVE-2025-55084Oct 16, 2025
    risk 0.00cvss epss 0.00

    In NetX Duo version before 6.4.4, the component of Eclipse Foundation ThreadX, there was an incorrect bound check in_nx_secure_tls_proc_clienthello_supported_versions_extension() in the extension version field.

  • CVE-2025-55083Oct 15, 2025
    risk 0.00cvss epss 0.00

    In NetX Duo version before 6.4.4, the component of Eclipse Foundation ThreadX, there was an incorrect bound check resulting it out by two out of bound read.

  • CVE-2025-55080Oct 15, 2025
    risk 0.00cvss epss 0.00

    In Eclipse ThreadX before 6.4.3, when memory protection is enabled, syscall parameters verification wasn't enough, allowing an attacker to obtain an arbitrary memory read/write.

  • CVE-2025-55079Oct 15, 2025
    risk 0.00cvss epss 0.00

    In Eclipse ThreadX before version 6.4.3, the thread module has a setting of maximum priority. In some cases the check of that maximum priority wasn't performed, allowing, as a result, to obtain a thread with higher priority than expected and causing a possible denial of service.

  • CVE-2025-55078Oct 14, 2025
    risk 0.00cvss epss 0.00

    In Eclipse ThreadX before version 6.4.3, an attacker can cause a denial of service (crash) by providing a pointer to a reserved or unmapped memory region. Vulnerable system calls had a check of pointers, but that check wasn't verifying whether the pointer is outside the module…

  • CVE-2025-2259Apr 6, 2025
    risk 0.00cvss epss 0.01

    In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.3, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content-Length in one packet smaller than the data…

  • CVE-2025-2260Apr 6, 2025
    risk 0.00cvss epss 0.01

    In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.3, an attacker can cause a denial of service by specially crafted packets. The core issue is missing closing of a file in case of an error condition, resulting in the 404 error for each further…

  • CVE-2025-2258Apr 6, 2025
    risk 0.00cvss epss 0.01

    In NetX Duo component HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.3, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content-Length smaller than the data…

  • CVE-2025-0727Feb 21, 2025
    risk 0.00cvss epss 0.01

    In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.2, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content-Length in one packet smaller than the data…

  • CVE-2025-0728Feb 21, 2025
    risk 0.00cvss epss 0.01

    In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.2, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content-Length smaller than the data request size.…

  • CVE-2025-0726Feb 21, 2025
    risk 0.00cvss epss 0.01

    In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.2, an attacker can cause a denial of service by specially crafted packets. The core issue is missing closing of a file in case of an error condition, resulting in the 404 error for each further…

  • CVE-2024-2212Mar 26, 2024
    risk 0.00cvss epss 0.01

    In Eclipse ThreadX before 6.4.0, xQueueCreate() and xQueueCreateSet() functions from the FreeRTOS compatibility API (utility/rtos_compatibility_layers/FreeRTOS/tx_freertos.c) were missing parameter checks. This could lead to integer wraparound, under-allocations and heap…

  • CVE-2024-2214Mar 26, 2024
    risk 0.00cvss epss 0.00

    In Eclipse ThreadX before version 6.4.0, the _Mtxinit() function in the Xtensa port was missing an array size check causing a memory overwrite. The affected file was ports/xtensa/xcc/src/tx_clib_lock.c

  • CVE-2024-2452Mar 26, 2024
    risk 0.00cvss epss 0.01

    In Eclipse ThreadX NetX Duo before 6.4.0, if an attacker can control parameters of __portable_aligned_alloc() could cause an integer wrap-around and an allocation smaller than expected. This could cause subsequent heap buffer overflows.