Eclipse ThreadX NetX Duo HTTP Server Integer Underflow Vulnerability in PUT Request

Vulnerability

A denial-of-service vulnerability caused by an integer underflow has been identified in the HTTP server functionality of Eclipse ThreadX NetX Duo, in versions through 6.4.2. It allows an attacker to write an excessively large file by sending specially crafted packets whose Content-Length header is smaller than the amount of data actually transmitted. The underflow occurs when the server processes the HTTP PUT request, and the resulting write consumes file system resources. This issue affects both the NetX Duo Component HTTP Server and the NetX Duo Web Component HTTP Server.

Impact

Exploitation of this vulnerability can lead to a denial-of-service condition by consuming all available file system resources, potentially causing the device to malfunction or become unresponsive.

Reproduction

To reproduce this vulnerability, send an HTTP PUT request with a Content-Length header that is smaller than the actual amount of data being transmitted. The server will process the request, leading to an integer underflow that allows a very large file to be written, consuming file system resources.
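The accounting failure described above, as an added illustration that is not NetX Duo's own code: a hypothetical PUT handler whose unsigned remaining-bytes counter wraps when a body segment carries more bytes than Content-Length promised, beside the bounds-checked form that rejects the request instead. The type, function names and the 8-byte/20-byte case are constructed for the demonstration.

```c
#include <stdint.h>

/* Hypothetical PUT body accounting written to illustrate the bug class; it is
   not NetX Duo's code. `remaining` starts at Content-Length and is decremented
   as body segments arrive, exactly the kind of counter that can underflow. */
enum put_status { PUT_ERROR = -1, PUT_MORE = 0, PUT_DONE = 1 };

typedef struct {
    uint32_t remaining;   /* body bytes still expected */
    uint32_t written;     /* bytes handed to the file system so far */
} put_state_t;

/* Vulnerable pattern: subtract first, test for zero afterwards. A segment that
   carries more bytes than remain wraps the unsigned counter, so the handler
   believes ~4 GiB are still outstanding and keeps writing whatever arrives. */
enum put_status put_segment_unchecked(put_state_t *st, uint32_t seg_len) {
    st->written += seg_len;
    st->remaining -= seg_len;             /* wraps when seg_len > remaining */
    return st->remaining == 0 ? PUT_DONE : PUT_MORE;
}

/* Hardened pattern: compare before subtracting and fail the request when the
   body exceeds what Content-Length promised, so the counter never wraps. */
enum put_status put_segment_checked(put_state_t *st, uint32_t seg_len) {
    if (seg_len > st->remaining)
        return PUT_ERROR;
    st->written += seg_len;
    st->remaining -= seg_len;
    return st->remaining == 0 ? PUT_DONE : PUT_MORE;
}

/* Constructed case: Content-Length: 8, but the first segment carries 20 bytes. */
#define DEMO_CONTENT_LENGTH 8u
#define DEMO_SEGMENT_LEN    20u

/* How many bytes the unchecked handler still waits for after that segment. */
uint32_t demo_unchecked_remaining(void) {
    put_state_t st = { DEMO_CONTENT_LENGTH, 0 };
    put_segment_unchecked(&st, DEMO_SEGMENT_LEN);
    return st.remaining;                  /* 4294967284, not 0 */
}

/* Status the hardened handler returns for a first segment of seg_len bytes. */
int demo_checked_status(uint32_t seg_len) {
    put_state_t st = { DEMO_CONTENT_LENGTH, 0 };
    return put_segment_checked(&st, seg_len);   /* PUT_ERROR for 20, PUT_DONE for 8 */
}
int main(void) {
    return demo_checked_status(DEMO_SEGMENT_LEN) == PUT_ERROR ? 0 : 1;
}
```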

Remediation

Users can update to Eclipse ThreadX NetX Duo version 6.4.3 or later, where this vulnerability has been patched. If an immediate update is not possible, HTTP PUT support can be disabled as a temporary workaround.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 9.8
impact: 2.5
exploitability: 9.1
remediation: 7.9
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.