Eclipse NetX Duo
cpe:2.3:a:eclipse:threadx_netx_duo:*:*:*:*:*:*:*
- <= 6.4.3
A moderate severity out-of-bounds read vulnerability has been identified in Eclipse Foundation NetX Duo versions prior to 6.4.4. The issue arises in the ThreadX module within the '_nx_secure_tls_process_clienthello()' function, which lacked proper length verification for certain fields of the SSL/TLS ClientHello message, specifically the cipher suite length and the compression method length. Because these length fields were not checked against the data actually present in the message, an attacker could craft a ClientHello carrying length values outside the expected range, leading to an out-of-bounds read.
Exploitation of this vulnerability could result in an out-of-bounds read, potentially allowing for the disclosure of sensitive information or causing a denial-of-service condition.
Users can upgrade to NetX Duo version 6.4.4 or later to address this vulnerability.
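The two missing checks named above, shown as an added illustration that is not NetX Duo code: a length-checked walk over a ClientHello body that refuses to use the cipher suite or compression method length fields before confirming the message actually holds that many bytes. The sample builder, `build_sample()`, and the status codes are constructed for this example.

```c
#include <stdint.h>
#include <string.h>

/* Added illustration, not NetX Duo code: a length-checked walk over a ClientHello
 * body (the bytes after the 4-byte handshake header) that rejects the cipher-suite
 * and compression-method length fields before they are used to index the buffer. */
enum { CH_OK = 0, CH_ERR_TRUNCATED = 1, CH_ERR_BAD_LENGTH = 2 };
int validate_clienthello(const uint8_t *buf, size_t len)
{
    size_t off = 34;                       /* legacy_version(2) + random(32) */
    if (len < 35) return CH_ERR_TRUNCATED; /* ... + session_id length byte */
    uint8_t sid_len = buf[off++];          /* session_id<0..32> */
    if (sid_len > 32) return CH_ERR_BAD_LENGTH;
    if (len - off < sid_len) return CH_ERR_TRUNCATED;
    off += sid_len;
    /* cipher_suites<2..2^16-2>: 2-byte length, then an even number of bytes */
    if (len - off < 2) return CH_ERR_TRUNCATED;
    uint16_t cs_len = (uint16_t)((buf[off] << 8) | buf[off + 1]); off += 2;
    if (cs_len < 2 || (cs_len & 1)) return CH_ERR_BAD_LENGTH;
    if (len - off < cs_len) return CH_ERR_TRUNCATED;   /* bound the length by what arrived */
    off += cs_len;
    /* compression_methods<1..2^8-1>: 1-byte length, then that many bytes */
    if (len - off < 1) return CH_ERR_TRUNCATED;
    uint8_t cm_len = buf[off++];
    if (cm_len < 1) return CH_ERR_BAD_LENGTH;
    if (len - off < cm_len) return CH_ERR_TRUNCATED;   /* bound the length by what arrived */
    return CH_OK;
}

/* Constructed 43-byte sample body (not captured traffic). The two parameters let a
 * caller plant a length field that disagrees with the bytes actually present. */
size_t build_sample(uint8_t *out, uint16_t cs_len_field, uint8_t cm_len_field)
{
    size_t off = 0;
    out[off++] = 0x03; out[off++] = 0x03;          /* legacy_version = TLS 1.2 */
    memset(out + off, 0xAA, 32); off += 32;        /* random (fixed filler) */
    out[off++] = 0;                                /* session_id length = 0 */
    out[off++] = (uint8_t)(cs_len_field >> 8);     /* cipher_suites length (2 bytes) */
    out[off++] = (uint8_t)cs_len_field;
    out[off++] = 0x13; out[off++] = 0x01;          /* TLS_AES_128_GCM_SHA256 */
    out[off++] = 0x13; out[off++] = 0x02;          /* TLS_AES_256_GCM_SHA384 */
    out[off++] = cm_len_field; out[off++] = 0;     /* compression_methods: null only */
    return off;
}
/* Builds one sample with the given length fields and validates it. */
int check_sample(uint16_t cs_len_field, uint8_t cm_len_field)
{
    uint8_t body[64];
    size_t n = build_sample(body, cs_len_field, cm_len_field);
    return validate_clienthello(body, n);
}
```

A consistent body (`check_sample(4, 1)`) is accepted, while a cipher suite length or compression method length that exceeds the bytes present is rejected before any read past the buffer.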