CNNVD-202510-2169 Information
CNNVD ID
CNNVD-202510-2169
Related CVE
- CNNVD Published: 2025-10-15
Description (Chinese)
Eclipse ThreadX NetX Duo是Eclipse ThreadX开源的一个 IPv4 和 IPv6 双重网络堆栈。 Eclipse ThreadX NetX Duo 6.4.4之前版本存在安全漏洞,该漏洞源于_nx_secure_tls_process_clienthello函数缺少对SSL/TLS客户端hello消息中密码套件长度和压缩方法长度的验证,可能导致越界读取。
Description (English)
Eclipse ThreadX NetX Duo is a dual IPv4 and IPv6 network stack of Eclipse ThreadX open sources. The previous version of Eclipse ThreadX NetX Duo 6.4.4 had a security loophole, which originated from the lack of verification of the password package length and the length of compression methods in SSL/TLS client hello, which could result in cross-border reading.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Eclipse ThreadX
Published
2025-10-15
Last Modified
2026-02-24
References
https://github.com/eclipse-threadx/netxduo/security/advisories/GHSA-5vrv-8j5h-h6h6 https://access.redhat.com/security/cve/cve-2025-55081
Patch
https://github.com/eclipse-threadx/netxduo/releases
Share on: