Justin Stauffer

**Name of the Vulnerable Software and Affected Versions** NetX Duo versions prior to 6.4.4 **Description** The networking support module for Eclipse Foundation ThreadX contains a potential out-of-bounds read issue within the ` nx icmpv6 validate options()` function when processing a packet containing ICMP6 options. **Recommendations** Update to version 6.4.4 or later.

**Name of the Vulnerable Software and Affected Versions** NetX Duo versions prior to 6.4.4 **Description** The networking support module for Eclipse Foundation ThreadX, NetX Duo, contains a potential out-of-bounds read issue. This issue occurs in the ` nx ipv4 packet receive()` function when processing unicast DHCP messages, potentially leading to 4 bytes of memory corruption. **Recommendations** Update to version 6.4.4 or later.

**Name of the Vulnerable Software and Affected Versions** Eclipse Foundation NetX Duo versions prior to 6.4.4 **Description** The networking support module for Eclipse Foundation ThreadX contains a potential out-of-bounds read issue within the ` nx ipv4 option process()` function when handling IPv4 packets that include the timestamp option. **Recommendations** Update to version 6.4.4 or later.

**Name of the Vulnerable Software and Affected Versions** NetX Duo versions prior to 6.4.4 **Description** The networking support module for Eclipse Foundation ThreadX contains a potential out-of-bounds read issue. This issue occurs in the ` nx ip packet receive()` function when processing an Ethernet frame with the IP type set but lacking IP data. **Recommendations** Update to version 6.4.4 or later.

**Name of the Vulnerable Software and Affected Versions** NetX Duo versions prior to 6.4.4 **Description** An incorrect bound check exists in the ` nx secure tls proc clienthello supported versions extension()` function within the extension version field of the Eclipse Foundation ThreadX component in NetX Duo. **Recommendations** Update to version 6.4.4 or later.

**Name of the Vulnerable Software and Affected Versions** NetX Duo versions prior to 6.4.4 **Description** The networking support module for Eclipse Foundation ThreadX contains a potential out-of-bounds read issue. This issue occurs in the ` nx ipv4 packet receive()` function when processing an Ethernet frame containing less than 4 bytes of IP packet data. **Recommendations** Update to version 6.4.4 or later.

**Name of the Vulnerable Software and Affected Versions** NetX Duo versions prior to 6.4.4 **Description** An out-of-bounds read issue exists in the Eclipse Foundation ThreadX component of NetX Duo, specifically within the ` nx secure tls process clienthello()` function. This is due to a missing validation of the Pre-Shared Key (PSK) length provided in user messages. **Recommendations** Update to NetX Duo version 6.4.4 or later.

**Name of the Vulnerable Software and Affected Versions** NetX Duo versions prior to 6.4.4 **Description** An incorrect bound check in the Eclipse Foundation ThreadX component of NetX Duo can lead to an out-of-bounds read. This occurs when the bound check is off by two, potentially allowing access to memory outside the intended boundaries. **Recommendations** Update NetX Duo to version 6.4.4 or later.