Eclipse NetX Duo Unicast DHCP Out-of-Bounds Read Vulnerability

Vulnerability

A moderate-severity out-of-bounds read has been identified in Eclipse NetX Duo, the networking support module for Eclipse Foundation ThreadX, in versions prior to 6.4.4. The flaw is in the '_nx_ipv4_packet_receive()' function's handling of unicast DHCP messages: the function reads DHCP-related fields from a received IP packet without first checking that the packet actually contains them, so a crafted IP packet can make it access 4 bytes outside the packet data. The advisory reports the effect as corruption of 4 bytes of memory.
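To make the bug class concrete, here is an added example; it is not NetX Duo's code and does not reproduce the actual flawed function. It shows a hypothetical receive-path check that decides whether a packet is a unicast DHCP reply by reading the UDP ports right after the IPv4 header. The unchecked version trusts the header's IHL field and never consults the number of bytes actually received, so on a truncated packet its two port reads touch 4 bytes past the packet data; the checked version validates IHL, IPv4 total length and UDP length against the received length before touching anything beyond the fixed header. All function names, constants and the constructed sample datagram are this example's own.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Illustrative constants (this example's own, not NetX Duo identifiers). */
#define IPV4_HDR_MIN      20
#define UDP_HDR_LEN        8
#define IP_PROTO_UDP      17
#define DHCP_SERVER_PORT  67
#define DHCP_CLIENT_PORT  68

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Vulnerable pattern: reads the UDP ports right after the IPv4 header,
 * trusting the attacker-controlled IHL and ignoring how many bytes were
 * actually received. If only the 20-byte IP header arrived, the two port
 * reads touch 4 bytes beyond the packet data. */
int is_unicast_dhcp_unchecked(const uint8_t *pkt, size_t len)
{
    (void)len;                                   /* length is never consulted */
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;    /* attacker-controlled offset */
    if (pkt[9] != IP_PROTO_UDP)
        return 0;
    const uint8_t *udp = pkt + ihl;              /* may point past the packet */
    return rd16(udp + 0) == DHCP_SERVER_PORT && rd16(udp + 2) == DHCP_CLIENT_PORT;
}

/* Hardened form: every header field is validated against len (the bytes
 * actually received) before anything beyond the fixed header is read. */
int is_unicast_dhcp_checked(const uint8_t *pkt, size_t len)
{
    if (len < IPV4_HDR_MIN || (pkt[0] >> 4) != 4)
        return 0;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    if (ihl < IPV4_HDR_MIN || ihl > len)
        return 0;
    size_t total = rd16(pkt + 2);                /* IPv4 total length */
    if (total > len || total < ihl + UDP_HDR_LEN)
        return 0;                                /* UDP header not fully present */
    if (pkt[9] != IP_PROTO_UDP)
        return 0;
    const uint8_t *udp = pkt + ihl;
    size_t udp_len = rd16(udp + 4);
    if (udp_len < UDP_HDR_LEN || udp_len > total - ihl)
        return 0;                                /* UDP length disagrees with IP */
    return rd16(udp + 0) == DHCP_SERVER_PORT && rd16(udp + 2) == DHCP_CLIENT_PORT;
}

/* Builds a minimal IPv4+UDP datagram with a zeroed payload (constructed sample
 * input for this example; checksums are left at zero). Returns the datagram
 * length, or 0 if it does not fit in buf. */
size_t build_ipv4_udp(uint8_t *buf, size_t cap, uint16_t sport, uint16_t dport,
                      size_t payload_len)
{
    size_t total = IPV4_HDR_MIN + UDP_HDR_LEN + payload_len;
    if (total > cap || total > 0xffff)
        return 0;
    memset(buf, 0, total);
    buf[0] = 0x45;                               /* version 4, IHL 5 words */
    buf[2] = (uint8_t)(total >> 8);
    buf[3] = (uint8_t)total;
    buf[8] = 64;                                 /* TTL */
    buf[9] = IP_PROTO_UDP;
    /* source 0.0.0.0 (bytes 12-15 stay zero), destination 192.0.2.10 */
    buf[16] = 192; buf[17] = 0; buf[18] = 2; buf[19] = 10;
    uint8_t *udp = buf + IPV4_HDR_MIN;
    size_t ulen = UDP_HDR_LEN + payload_len;
    udp[0] = (uint8_t)(sport >> 8); udp[1] = (uint8_t)sport;
    udp[2] = (uint8_t)(dport >> 8); udp[3] = (uint8_t)dport;
    udp[4] = (uint8_t)(ulen >> 8);  udp[5] = (uint8_t)ulen;
    return total;
}

/* One scenario: build a server->client DHCP datagram in a 64-byte receive
 * buffer, optionally pretend only its 20-byte IP header was delivered, and
 * classify it with the unchecked (hardened == 0) or checked (hardened == 1)
 * routine. In the truncated case the bytes behind the delivered 20 are simply
 * whatever sits in the buffer (here, leftovers from the build that happen to
 * look like ports 67 -> 68), which is exactly what an unchecked read sees. */
int classify_scenario(int truncated, int hardened)
{
    uint8_t buf[64];
    size_t n = build_ipv4_udp(buf, sizeof buf, DHCP_SERVER_PORT, DHCP_CLIENT_PORT, 8);
    if (n == 0)
        return -1;
    if (truncated)
        n = IPV4_HDR_MIN;                        /* only the IP header arrived */
    return hardened ? is_unicast_dhcp_checked(buf, n)
                    : is_unicast_dhcp_unchecked(buf, n);
}

int main(void)
{
    printf("complete datagram : unchecked=%d checked=%d\n",
           classify_scenario(0, 0), classify_scenario(0, 1));
    printf("truncated datagram: unchecked=%d (read past the packet) checked=%d\n",
           classify_scenario(1, 0), classify_scenario(1, 1));
    return 0;
}
```

The point of the checked version is that each length it relies on (IHL, IPv4 total length, UDP length) is bounded by the one outside it and ultimately by the received byte count, so a packet can never make the parser read beyond what the driver actually delivered.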

Impact

The trigger is a single malicious IP packet received by the device, so any attacker able to deliver packets to an affected device can cause the out-of-bounds access. The result is memory corruption and undefined behavior in the application; on an embedded ThreadX target this most plausibly means a crash or unpredictable state in the network stack.

Remediation

Upgrade to Eclipse NetX Duo version 6.4.4 or later. Because NetX Duo is compiled into the application firmware rather than installed separately, the fix reaches deployed devices only through a firmware update built against the updated library.

Added: Oct 17, 2025, 5:16 AM
Updated: Oct 17, 2025, 5:16 AM

Vulnerability Rating

Custom Algorithm
spread: 9.8
impact: 0.6
exploitability: 9.5
remediation: 7.7
relevance: 0.8
threat: 6.4
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.