Eclipse NetX Duo
cpe:2.3:a:eclipse:threadx_netx_duo:*:*:*:*:*:*:*
- <= 6.4.3
A potential out-of-bounds read vulnerability has been identified in Eclipse NetX Duo versions through 6.4.3. The issue arises in the '_nx_ip_packet_receive()' function within the networking support module for Eclipse Foundation ThreadX. The vulnerability occurs when an Ethernet frame is received with the type set to IP but without any accompanying IP data. This lack of data allows for an out-of-bounds read, as the function does not properly validate the IP header before processing it. In theory, such an out-of-bounds read could lead to a crash or an information leak.
Exploitation of this vulnerability could cause a crash or an information leak.
Users can upgrade to Eclipse NetX Duo version 6.4.4 or later to address this vulnerability.
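The description above comes down to a missing length check between reading the EtherType and reading the first IP header byte. The following is an added example of that check, not NetX Duo source code and not the 6.4.4 fix; classify_frame(), the rx_verdict values and both sample frames are hypothetical names and constructed data.

```c
#include <stddef.h>
#include <stdint.h>

#define ETH_HDR_LEN   14u   /* dst MAC + src MAC + EtherType */
#define ETHERTYPE_IP4 0x0800u
#define IP4_MIN_HDR   20u

enum rx_verdict { RX_ACCEPT, RX_NOT_IP4, RX_DROP_TRUNCATED, RX_DROP_MALFORMED };

/* Constructed sample: EtherType says IPv4, but no IP bytes follow. */
static const uint8_t frame_no_ip[14] = {
    0xff,0xff,0xff,0xff,0xff,0xff, 0x02,0,0,0,0,0x01, 0x08,0x00 };

/* Constructed sample: same header plus a minimal 20-byte IPv4 header. */
static const uint8_t frame_ok[34] = {
    0xff,0xff,0xff,0xff,0xff,0xff, 0x02,0,0,0,0,0x01, 0x08,0x00,
    0x45,0x00,0x00,0x14, 0,0,0,0, 0x40,0x11,0,0, 192,0,2,1, 192,0,2,2 };

/* Hypothetical check: classify a frame without reading past frame_len. */
enum rx_verdict classify_frame(const uint8_t *frame, size_t frame_len)
{
    if (frame == NULL || frame_len < ETH_HDR_LEN)
        return RX_DROP_TRUNCATED;
    if ((((unsigned)frame[12] << 8) | frame[13]) != ETHERTYPE_IP4)
        return RX_NOT_IP4;

    /* Bytes actually present after the Ethernet header; 0 in the advisory's case. */
    size_t ip_len = frame_len - ETH_HDR_LEN;
    if (ip_len < IP4_MIN_HDR)
        return RX_DROP_TRUNCATED;      /* reject before touching ip[0] */

    const uint8_t *ip = frame + ETH_HDR_LEN;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4u;      /* header length in bytes */
    size_t total = ((size_t)ip[2] << 8) | ip[3];   /* total length field */
    if ((ip[0] >> 4) != 4 || ihl < IP4_MIN_HDR || total < ihl)
        return RX_DROP_MALFORMED;
    if (ihl > ip_len || total > ip_len)
        return RX_DROP_TRUNCATED;      /* header claims more than was received */
    return RX_ACCEPT;
}

int main(void)
{
    /* Exit status 0 when the empty-payload frame is dropped and the valid one accepted. */
    return !(classify_frame(frame_no_ip, sizeof frame_no_ip) == RX_DROP_TRUNCATED &&
             classify_frame(frame_ok, sizeof frame_ok) == RX_ACCEPT);
}
```

The same ordering applies to any receive path: compare the received length against the minimum header size first, then trust the header's own length fields only as far as the bytes actually received.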