Eclipse NetX Duo ThreadX Incorrect Bounds Check Vulnerability Allowing Out-of-Bounds Read

Vulnerability

A vulnerability exists in Eclipse NetX Duo versions prior to 6.4.4, within the ThreadX component. The issue arises from an incorrect bounds check in the '_nx_secure_tls_process_clienthello_psk_extension()' function, which processes a list of identifiers. The bounds check fails to account for an offset, allowing for an off-by-two out-of-bounds read. This flaw could potentially be exploited to read memory outside the intended limits, leading to undefined behavior or information disclosure.
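The class of bug described above, shown as an added example that is not NetX Duo source code: a bounds check that leaves out the 2-byte length prefix, next to a check that counts it. The function names, the exact form of the weak check and the sample bytes are assumptions constructed for illustration; the entry layout (16-bit length, identity, 32-bit ticket age) follows the TLS 1.3 pre_shared_key extension in RFC 8446.

```c
#include <stddef.h>
#include <stdint.h>

#define ID_LEN_FIELD 2u   /* uint16 length prefix of each identity */
#define TICKET_AGE   4u   /* uint32 obfuscated_ticket_age */

/* Weak form, for contrast (hypothetical): ignores the 2-byte prefix already
   consumed, so it accepts an identity ending up to two bytes past the list.
   Pure predicate; it never touches the buffer. */
int weak_check_ok(size_t off, size_t id_len, size_t list_len)
{
    return off + id_len <= list_len;
}

/* Hardened form: works on the remaining length, so the prefix offset is
   counted and nothing can wrap. Caller guarantees off <= list_len. */
int strict_check_ok(size_t off, size_t id_len, size_t list_len)
{
    size_t remaining = list_len - off;
    return remaining >= ID_LEN_FIELD && id_len <= remaining - ID_LEN_FIELD;
}

/* Walk a PSK identity list using the strict check.
   Returns the number of identities, or -1 if any entry is truncated. */
int count_psk_identities(const uint8_t *list, size_t list_len)
{
    size_t off = 0;
    int count = 0;
    while (off < list_len) {
        if (list_len - off < ID_LEN_FIELD)
            return -1;                          /* no room for the prefix */
        size_t id_len = ((size_t)list[off] << 8) | list[off + 1];
        if (!strict_check_ok(off, id_len, list_len))
            return -1;                          /* identity overruns list */
        off += ID_LEN_FIELD + id_len;
        if (list_len - off < TICKET_AGE)
            return -1;                          /* ticket age truncated */
        off += TICKET_AGE;
        count++;
    }
    return count;
}

/* Constructed sample: one valid entry, identity "abc", ticket age 0. */
const uint8_t sample_ok[] = { 0x00, 0x03, 'a', 'b', 'c', 0, 0, 0, 0 };
/* Constructed sample: prefix claims 5 bytes but only 3 follow. */
const uint8_t sample_truncated[] = { 0x00, 0x05, 'a', 'b', 'c' };

int main(void) { return count_psk_identities(sample_ok, sizeof sample_ok) == 1 ? 0 : 1; }
```

For the truncated sample the weak predicate passes (5 <= 5) although the identity would end two bytes beyond the buffer, while the strict check rejects it.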

Impact

Exploitation of this vulnerability causes an out-of-bounds read, which can lead to memory corruption or unauthorized memory access.

Remediation

Users can upgrade to NetX Duo version 6.4.4 or later to address this vulnerability.

Added: Oct 15, 2025, 3:26 PM
Updated: Oct 15, 2025, 3:26 PM

Vulnerability Rating

Custom Algorithm

spread: 9.8
impact: 0.6
exploitability: 9.5
remediation: 7.7
relevance: 0.7
threat: 6.4
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.