Eclipse NetX Duo
cpe:2.3:a:eclipse:threadx_netx_duo:*:*:*:*:*:*:*
Affected versions: <= 6.4.3
A moderate-severity out-of-bounds read vulnerability has been identified in Eclipse NetX Duo versions through 6.4.3. The issue is in NetX Duo, the networking support module for Eclipse Foundation ThreadX, specifically within the `_nx_icmpv6_validate_options()` function. This function parses and validates ICMPv6 options in received packets. Malformed ICMPv6 packets that contain incomplete option structures may cause it to read memory outside the intended bounds, leading to potential information disclosure or memory corruption.
Exploitation results in a read beyond the intended buffer boundaries. This type of memory access can often be exploited to disclose sensitive information or manipulate program execution.
Users can upgrade to Eclipse NetX Duo version 6.4.4 or later to address this vulnerability.
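One way to validate ICMPv6 options so that an incomplete option structure is rejected before any byte past the packet is read, shown as an added example (it is not NetX Duo source code and not the 6.4.4 fix). The function name, status codes and sample byte arrays are assumptions constructed for illustration; the option layout follows RFC 4861.

```c
#include <stddef.h>
#include <stdint.h>

/* Added illustration, not NetX Duo source. Neighbor Discovery options
 * (RFC 4861, section 4.6) are TLVs: 1-byte type, 1-byte length counted in
 * units of 8 octets (type and length bytes included), then the body. */
enum opt_status { OPT_OK, OPT_TRUNCATED_HEADER, OPT_ZERO_LENGTH, OPT_OVERRUN };

/* Walk `len` bytes of options starting at `opts`; every read is preceded by
 * a check against the bytes remaining. `*count` gets the options accepted. */
enum opt_status validate_icmpv6_options(const uint8_t *opts, size_t len,
                                        size_t *count)
{
    size_t off = 0;
    *count = 0;
    while (off < len) {
        size_t remaining = len - off;
        /* Incomplete option: reading the length byte would leave the buffer. */
        if (remaining < 2)
            return OPT_TRUNCATED_HEADER;
        size_t opt_len = (size_t)opts[off + 1] * 8u;
        /* RFC 4861: length 0 is invalid (and would never advance `off`). */
        if (opt_len == 0)
            return OPT_ZERO_LENGTH;
        /* Declared length must fit in what was actually received. */
        if (opt_len > remaining)
            return OPT_OVERRUN;
        off += opt_len;
        (*count)++;
    }
    return OPT_OK;
}

/* Constructed sample inputs (not captured traffic). */
const uint8_t good_opts[] = {   /* link-layer address option, then MTU option */
    0x01, 0x01, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55,
    0x05, 0x01, 0x00, 0x00, 0x00, 0x00, 0x05, 0xdc };
const uint8_t cut_header[] = {  /* one full option, then a lone type byte */
    0x01, 0x01, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x05 };
const uint8_t cut_body[] = {    /* declares 16 bytes, only 8 present */
    0x03, 0x02, 0x40, 0xc0, 0x00, 0x00, 0x00, 0x00 };
const uint8_t zero_len[] = { 0x01, 0x00, 0, 0, 0, 0, 0, 0 };

int main(void)
{
    size_t n;
    return validate_icmpv6_options(cut_body, sizeof cut_body, &n) == OPT_OVERRUN ? 0 : 1;
}
```

The same three checks make a useful review checklist for any TLV parser on the receive path: header present, length non-zero, declared length within the received bytes.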