Primary

Context

Eclipse NetX Duo ThreadX Out-of-Bounds Read Vulnerability in TLS Client Hello Processing

Vulnerability

Patched

A moderate out-of-bounds read vulnerability has been identified in Eclipse NetX Duo versions prior to 6.4.4. The issue arises in the ThreadX component, specifically within the `_nx_secure_tls_process_clienthello()` function. The vulnerability is caused by a lack of proper validation for the length of the Pre-Shared Key (PSK) identity provided in the TLS client hello message. This oversight could lead to an out-of-bounds read, allowing potential information leakage, especially if cryptographic keys are stored in contiguous memory.

Impact

Exploitation of this vulnerability could result in an out-of-bounds read, causing an information leak. This could allow an attacker to recover cryptographic keys if they are stored in contiguous memory.

Remediation

Users can upgrade to NetX Duo version 6.4.4 or later to address this vulnerability.

Added: Oct 15, 2025, 11:17 AM

Updated: Oct 15, 2025, 11:17 AM

Vulnerability Rating

Custom Algorithm

spread

9.8

impact

2.5

exploitability

8.1

remediation

7.7

relevance

0.7

threat

0.0

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.8

impact

2.5

exploitability

8.1

remediation

7.7

relevance

0.7

threat

0.0

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Eclipse NetX Duo ThreadX Out-of-Bounds Read Vulnerability in TLS Client Hello Processing

Vulnerability

Impact

Remediation

Affected Products

Eclipse Foundation NetX Duo

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating