CNNVD-202510-2390 Information

CNNVD ID

CNNVD-202510-2390

Related CVE

CVE-2025-55091

• CNNVD Published: 2025-10-16

Description (Chinese)

Eclipse ThreadX NetX Duo是Eclipse ThreadX开源的一个 IPv4 和 IPv6 双重网络堆栈。 Eclipse ThreadX NetX Duo 6.4.4之前版本存在安全漏洞，该漏洞源于_nx_ip_packet_receive函数在接收类型设置为IP但无IP数据的以太网数据包时存在潜在越界读取问题。

Description (English)

Eclipse ThreadX NetX Duo is a dual IPv4 and IPv6 network stack of Eclipse ThreadX open sources. Eclipse ThreadX NetX Duo 6.4.4 has a security loophole, which stems from a potential cross-border reading problem in the nx ip packet receive function when receiving Ethernet data packages that are set to IP type but do not have IP data.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Eclipse ThreadX

Published

2025-10-16

Last Modified

2026-02-24

References

https://github.com/eclipse-threadx/netxduo/security/advisories/GHSA-pf5q-r6q5-6j2f

Patch

https://github.com/eclipse-threadx/netxduo/releases