Eclipse Threadx Netx Duo

Eclipse NetX Duo IPv6 'Packet Too Big' DoS Vulnerability
CVE-2025-55102 - January 27, 2026

A denial-of-service vulnerability exists in the NetX IPv6 component functionality of Eclipse ThreadX NetX Duo. A specially crafted network packet of "Packet Too Big" with more than 15 different source address can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability.

Resource Exhaustion

NetX Duo HTTP DoS via Missing File Closure before v6.4.3 (Eclipse ThreadX)
CVE-2025-2260 7.5 - High - April 06, 2025

In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.3, an attacker can cause a denial of service by specially crafted packets. The core issue is missing closing of a file in case of an error condition, resulting in the 404 error for each further file request. Users can work-around the issue by disabling the PUT request support. This issue follows an incomplete fix of CVE-2025-0726.

Eclipse ThreadX NetX Duo <6.4.3 HTTP int underflow DoS
CVE-2025-2259 7.5 - High - April 06, 2025

In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.3, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content-Length in one packet smaller than the data request size of the other packet. A possible workaround is to disable HTTP PUT support. This issue follows an incomplete fix of CVE-2025-0727

NetX Duo HTTP int underflow DOS before v6.4.3
CVE-2025-2258 7.5 - High - April 06, 2025

In NetX Duo component HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.3, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content-Length smaller than the data request size. A possible workaround is to disable HTTP PUT support. This issue follows an uncomplete fix in CVE-2025-0728.

NetX Duo <6.4.2 HTTP Integer Underflow/DoS
CVE-2025-0728 7.5 - High - February 21, 2025

In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.2, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content-Length smaller than the data request size. A possible workaround is to disable HTTP PUT support.

NetX Duo <6.4.2 HTTP Server Integer Underflow DoS via PUT
CVE-2025-0727 7.5 - High - February 21, 2025

In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.2, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content-Length in one packet smaller than the data request size of the other packet. A possible workaround is to disable HTTP PUT support.

NetX Duo <6.4.2 HTTP Server DoS via PUT File Leak
CVE-2025-0726 7.5 - High - February 21, 2025

In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.2, an attacker can cause a denial of service by specially crafted packets. The core issue is missing closing of a file in case of an error condition, resulting in the 404 error for each further file request. Users can work-around the issue by disabling the PUT request support.

ThreadX NetX Duo <6.4.0 Heap Overflow via __portable_aligned_alloc
CVE-2024-2452 9.8 - Critical - March 26, 2024

In Eclipse ThreadX NetX Duo before 6.4.0, if an attacker can control parameters of __portable_aligned_alloc() could cause an integer wrap-around and an allocation smaller than expected. This could cause subsequent heap buffer overflows.

Integer Overflow or Wraparound