CVE-2025-55081
Potential out-of-bounds read in _nx_secure_tls_process_clienthello()
In Eclipse Foundation NetX Duo before 6.4.4, a module of ThreadX, the _nx_secure_tls_process_clienthello() function was missing length verification of certain fields of the SSL/TLS client hello message: the ciphersuite length and the compression method length. An attacker-crafted message with values outside the expected range could cause an out-of-bounds read.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
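The missing verification described above, shown as an added example (not NetX Duo's code): a ClientHello body parser that checks each declared length against the bytes actually received before reading them. It assumes the TLS 1.2 (RFC 5246) layout without the 4-byte handshake header; `take`, `parse_client_hello`, `client_hello_view` and `check_sample` are hypothetical names, and the sample message is constructed.

```c
#include <stddef.h>
#include <stdint.h>

enum { CH_OK = 0, CH_TRUNCATED = -1, CH_BAD_LENGTH = -2 };

struct client_hello_view {            /* hypothetical result type */
    const uint8_t *cipher_suites; size_t cipher_suites_len;
    const uint8_t *compression;   size_t compression_len;
};

/* Advance the cursor by n bytes only if they all lie inside the message. */
static const uint8_t *take(const uint8_t **p, const uint8_t *end, size_t n)
{
    const uint8_t *s = *p;
    if ((size_t)(end - s) < n) return NULL;
    *p = s + n;
    return s;
}

int parse_client_hello(const uint8_t *msg, size_t len, struct client_hello_view *out)
{
    const uint8_t *p = msg, *end = msg + len, *f;
    size_t cs_len;
    if (!take(&p, end, 2 + 32)) return CH_TRUNCATED;       /* version + random */
    if (!(f = take(&p, end, 1))) return CH_TRUNCATED;      /* session_id length */
    if (f[0] > 32) return CH_BAD_LENGTH;
    if (!take(&p, end, f[0])) return CH_TRUNCATED;
    if (!(f = take(&p, end, 2))) return CH_TRUNCATED;      /* cipher_suites length */
    cs_len = ((size_t)f[0] << 8) | f[1];
    if (cs_len < 2 || (cs_len & 1)) return CH_BAD_LENGTH;  /* whole 2-byte entries */
    if (!(out->cipher_suites = take(&p, end, cs_len))) return CH_TRUNCATED;
    out->cipher_suites_len = cs_len;
    if (!(f = take(&p, end, 1))) return CH_TRUNCATED;      /* compression length */
    if (f[0] < 1) return CH_BAD_LENGTH;
    if (!(out->compression = take(&p, end, f[0]))) return CH_TRUNCATED;
    out->compression_len = f[0];
    return CH_OK;
}

/* Constructed 41-byte sample: one cipher suite, one compression method; the
   two declared lengths are parameters so mismatches can be exercised. */
int check_sample(uint16_t declared_cs_len, uint8_t declared_comp_len)
{
    uint8_t m[41] = { 0x03, 0x03 };    /* version; random, session_id length = 0 */
    struct client_hello_view v;
    m[35] = (uint8_t)(declared_cs_len >> 8); m[36] = (uint8_t)(declared_cs_len & 0xff);
    m[37] = 0xc0; m[38] = 0x2f;        /* the single suite */
    m[39] = declared_comp_len;         /* m[40] = 0: null compression */
    return parse_client_hello(m, sizeof m, &v);
}
```

A declared length that exceeds the remaining bytes is rejected as `CH_TRUNCATED` before any read, which is the check the advisory says was absent for these two fields.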
Affected products
Eclipse Foundation · NetX Duo