CNNVD-202510-2591 Information

CNNVD ID

CNNVD-202510-2591

Related CVE

CVE-2025-55086

• CNNVD Published: 2025-10-20

Description (Chinese)

Eclipse ThreadX NetX Duo是Eclipse ThreadX开源的一个 IPv4 和 IPv6 双重网络堆栈。 Eclipse ThreadX NetX Duo 6.4.4之前版本存在安全漏洞，该漏洞源于DHCPV6客户端未检查服务器回复中的服务器DUID索引，可能导致越界读取。

Description (English)

Eclipse ThreadX NetX Duo is a dual IPv4 and IPv6 network stack of Eclipse ThreadX open sources. Eclipse ThreadX NetX Duo 6.4.4 has a security loophole, which stems from the failure of the DHCPV6 client to check the server DUID index in the server response, which may result in cross-border reading.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Eclipse ThreadX

Published

2025-10-20

Last Modified

2026-02-24

References

https://github.com/eclipse-threadx/netxduo/security/advisories/GHSA-99pw-cp79-2j5j https://access.redhat.com/security/cve/cve-2025-55086

Patch

https://github.com/eclipse-threadx/netxduo/releases