CNNVD-202510-2399 Information

CNNVD ID

CNNVD-202510-2399

Related CVE

CVE-2025-55090

• CNNVD Published: 2025-10-16

Description (Chinese)

Eclipse ThreadX NetX Duo是Eclipse ThreadX开源的一个 IPv4 和 IPv6 双重网络堆栈。 Eclipse ThreadX NetX Duo 6.4.4之前版本存在安全漏洞，该漏洞源于_nx_ipv4_packet_receive函数在接收小于4字节IP数据包的以太网帧时存在潜在越界读取问题。

Description (English)

Eclipse ThreadX NetX Duo is a dual IPv4 and IPv6 network stack of Eclipse ThreadX open sources. There was a security loophole in the previous version of Eclipse ThreadX NetX Duo 6.4.4, which originated from the potential cross-border reading problems in the nx ipv4 packet receive function when receiving Ethernet frames of less than 4 byte IP packages.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Eclipse ThreadX

Published

2025-10-16

Last Modified

2026-02-24

References

https://github.com/eclipse-threadx/netxduo/security/advisories/GHSA-cf2g-j6vv-m8c5

Patch

https://github.com/eclipse-threadx/netxduo/releases