Eclipse Foundation NetX Duo Out-of-Bounds Read Vulnerability in IPv4 Option Processing

Vulnerability

A moderate out-of-bounds read vulnerability has been identified in Eclipse Foundation NetX Duo versions prior to 6.4.4. NetX Duo is the networking support module for Eclipse Foundation ThreadX, and the issue lies in its '_nx_ipv4_option_process()' function. When processing IPv4 packets that carry the timestamp option, the function lacks proper bounds checking and can read three bytes beyond the intended limit, so a malformed packet can cause it to access memory outside the option data.
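To show what the missing check looks like in practice, the following C function is an added example, not NetX Duo's code or the project's fix: it walks the IPv4 option area that follows the fixed 20-byte header and verifies that every header byte it reads (type, length, and for the timestamp option the pointer and flags bytes) lies inside the option area before touching it. It generalizes beyond the timestamp case to the full option walk. The function and type names (ipv4_options_validate, opt_status_t, the OPT_* constants) are hypothetical, and the option byte strings at the bottom are constructed samples rather than captured traffic.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* RFC 791 option types used below (the full set is larger). */
#define IPV4_OPT_EOL        0
#define IPV4_OPT_NOP        1
#define IPV4_OPT_TIMESTAMP  68
#define IPV4_OPT_TS_MIN_LEN 4   /* type, length, pointer, overflow/flags */

typedef enum {
    OPT_OK = 0,
    OPT_ERR_TRUNCATED,    /* a header byte or the option body lies past opt_len */
    OPT_ERR_BAD_LENGTH,   /* length field impossible for this option type */
    OPT_ERR_BAD_POINTER,  /* timestamp pointer outside the option */
    OPT_ERR_BAD_FLAGS     /* reserved timestamp flag value */
} opt_status_t;

/* Walk the option area that follows the 20-byte fixed IPv4 header.
 * opt_len is IHL*4 - 20: the number of option bytes actually present.
 * Hypothetical helper for illustration, not NetX Duo's _nx_ipv4_option_process(). */
opt_status_t ipv4_options_validate(const uint8_t *opts, size_t opt_len,
                                   unsigned *ts_count)
{
    size_t i = 0;
    if (ts_count) *ts_count = 0;

    while (i < opt_len) {
        uint8_t type = opts[i];               /* i < opt_len, so in bounds */

        if (type == IPV4_OPT_EOL) return OPT_OK;
        if (type == IPV4_OPT_NOP) { i++; continue; }

        /* Every remaining option type carries a length byte at i+1. */
        if (i + 1 >= opt_len) return OPT_ERR_TRUNCATED;
        uint8_t len = opts[i + 1];

        /* length counts the type and length bytes; < 2 would never advance. */
        if (len < 2) return OPT_ERR_BAD_LENGTH;
        /* The whole option must fit inside the option area. */
        if (len > opt_len - i) return OPT_ERR_TRUNCATED;

        if (type == IPV4_OPT_TIMESTAMP) {
            /* Bytes i+2 (pointer) and i+3 (flags) are read only after
             * len >= 4 guarantees they belong to this option. */
            if (len < IPV4_OPT_TS_MIN_LEN) return OPT_ERR_BAD_LENGTH;
            uint8_t pointer = opts[i + 2];
            uint8_t flags   = opts[i + 3] & 0x0f;

            /* RFC 791: the smallest legal pointer is 5; pointer > len means
             * the timestamp area is full, so len + 1 is the largest sane value. */
            if (pointer < 5 || pointer > (unsigned)len + 1) return OPT_ERR_BAD_POINTER;
            /* Flag 2 is undefined (0 = timestamps, 1 = addr+ts, 3 = prespecified). */
            if (flags == 2 || flags > 3) return OPT_ERR_BAD_FLAGS;
            if (ts_count) (*ts_count)++;
        }
        i += len;   /* safe: len <= opt_len - i, so i never passes opt_len */
    }
    return OPT_OK;
}

/* Convenience wrapper: number of timestamp options, or 0 if validation fails. */
unsigned ipv4_count_timestamp_options(const uint8_t *opts, size_t opt_len)
{
    unsigned n = 0;
    return ipv4_options_validate(opts, opt_len, &n) == OPT_OK ? n : 0;
}

/* Constructed option areas for demonstration (not captured traffic). */
static const uint8_t opt_good[]      = {68, 8, 5, 0, 0, 0, 0, 0};   /* one empty slot */
static const uint8_t opt_empty_ts[]  = {68, 4, 5, 0};               /* no slots, pointer = len+1 */
static const uint8_t opt_type_only[] = {68};                        /* length/pointer/flags absent */
static const uint8_t opt_short_len[] = {1, 68, 2, 0};               /* NOP, then len 2 < 4 */
static const uint8_t opt_overrun[]   = {68, 12, 5, 0, 0, 0, 0, 0};  /* claims 12, only 8 present */
static const uint8_t opt_bad_ptr[]   = {68, 8, 3, 0, 0, 0, 0, 0};   /* pointer below 5 */
static const uint8_t opt_nop_eol[]   = {1, 1, 0, 0};                /* padding only */

int main(void)
{
    printf("good       -> %d (timestamp options: %u)\n",
           ipv4_options_validate(opt_good, sizeof opt_good, NULL),
           ipv4_count_timestamp_options(opt_good, sizeof opt_good));
    printf("type only  -> %d\n", ipv4_options_validate(opt_type_only, sizeof opt_type_only, NULL));
    printf("overrun    -> %d\n", ipv4_options_validate(opt_overrun, sizeof opt_overrun, NULL));
    printf("bad ptr    -> %d\n", ipv4_options_validate(opt_bad_ptr, sizeof opt_bad_ptr, NULL));
    return 0;
}
```

The opt_type_only and opt_overrun samples are the cases a parser without these checks gets wrong: an option whose declared or implied header extends past the bytes actually present in the packet. The check on the length byte against the remaining option area is what keeps every later read, including the three timestamp header bytes after the type, inside the buffer.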

Impact

Exploitation of this vulnerability could lead to unauthorized memory access, potentially allowing for information disclosure or manipulation.

Remediation

Users can upgrade to Eclipse Foundation NetX Duo version 6.4.4 or later to address this vulnerability.

Added: Oct 17, 2025, 5:17 AM
Updated: Oct 17, 2025, 5:17 AM

Vulnerability Rating

Custom Algorithm

spread:          9.8
impact:          0.6
exploitability:  8.1
remediation:     7.7
relevance:       0.8
threat:          0.0
urgency:         2.9
incentive:      10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.