CNNVD-202510-2426 Information

CNNVD ID

CNNVD-202510-2426

Related CVE

CVE-2025-55094

• CNNVD Published: 2025-10-17

Description (Chinese)

Eclipse ThreadX NetX Duo是Eclipse ThreadX开源的一个 IPv4 和 IPv6 双重网络堆栈。 Eclipse ThreadX NetX Duo 6.4.4之前版本存在缓冲区错误漏洞，该漏洞源于处理带有ICMP6选项的数据包时_nx_icmpv6_validate_options函数存在潜在越界读取问题。

Description (English)

Eclipse ThreadX NetX Duo is a dual IPv4 and IPv6 network stack of Eclipse ThreadX open sources. Eclipse ThreadX NetX Duo 6.4.4 has an error loophole in the buffer zone, which arises from a potential cross-border reading problem with the nx icmpv6 validate options function when processing a package with ICMP6 options.

Hazard Level

High

Vulnerability Type

缓冲区错误

Affected Vendor

Eclipse ThreadX

Published

2025-10-17

Last Modified

2026-02-24

References

https://github.com/eclipse-threadx/netxduo/security/advisories/GHSA-rf32-h832-hg8r https://access.redhat.com/security/cve/cve-2025-55094

Patch

https://github.com/eclipse-threadx/netxduo/releases