Approved changes feed: RSS · Atom
cpe:2.3:a:eclipse_foundation:threadx:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Eclipse Foundation (2c315c48-0111-5572-bbde-cc70cfafb2e9) |
|---|---|
| Product | Threadx (717474c4-6c91-5980-a48d-335ae0724610) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-55080 |
vulnerable | 2026-06-03 15:04:57.623830 |
Improper Parameter Check in ThreadX Syscall Implementation
In Eclipse ThreadX before 6.4.3, when memory protection is enabled, syscall parameters verification wasn't enough, allowing an attacker to obtain an arbitrary memory read/write.
Published: 2025-10-15T05:41:50.536Z
Updated: 2025-10-15T17:41:32.823Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-55079 |
vulnerable | 2026-06-03 15:04:57.623480 |
Missing check for thread priority
In Eclipse ThreadX before version 6.4.3, the thread module has a setting of maximum priority. In some cases the check of that maximum priority wasn't performed, allowing, as a result, to obtain a thread with higher priority than expected and causing a possible denial of service.
Published: 2025-10-15T04:29:00.882Z
Updated: 2025-10-15T18:38:38.157Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-55078 |
vulnerable | 2026-06-03 15:04:57.622175 |
Incomplete validation of kernel object pointers in system calls
In Eclipse ThreadX before version 6.4.3, an attacker can cause a denial of service (crash) by providing a pointer to a reserved or unmapped memory region. Vulnerable system calls had a check of pointers, but that check wasn't verifying whether the pointer is outside the module memory region.
Published: 2025-10-14T07:28:56.148Z
Updated: 2025-10-14T15:29:21.710Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-2260 |
vulnerable | 2026-06-03 15:00:25.050164 |
Eclipse ThreadX NetX Duo HTTP component server denial of service
In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before
version 6.4.3, an attacker can cause a denial of service by specially
crafted packets. The core issue is missing closing of a file in case of
an error condition, resulting in the 404 error for each further file
request. Users can work-around the issue by disabling the PUT request
support.
This issue follows an incomplete fix of CVE-2025-0726.
Published: 2025-04-06T18:56:34.730Z
Updated: 2025-04-14T15:03:16.223Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-2259 |
vulnerable | 2026-06-03 15:00:25.049783 |
Eclipse ThreadX NetX Duo component HTTP server single PUT request integer underflow
In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before
version 6.4.3, an attacker can cause an integer underflow and a
subsequent denial of service by writing a very large file, by specially
crafted packets with Content-Length in one packet smaller than the data
request size of the other packet. A possible workaround is to disable
HTTP PUT support.
This issue follows an incomplete fix of CVE-2025-0727
Published: 2025-04-06T19:01:20.233Z
Updated: 2025-04-14T15:03:15.118Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-2258 |
vulnerable | 2026-06-03 15:00:25.048311 |
Eclipse ThreadX NetX Duo HTTP server single PUT request integer underflow
In NetX Duo component HTTP server functionality of Eclipse ThreadX NetX Duo before
version 6.4.3, an attacker can cause an integer underflow and a
subsequent denial of service by writing a very large file, by specially
crafted packets with Content-Length smaller than the data request size. A
possible workaround is to disable HTTP PUT support.
This issue follows an uncomplete fix in CVE-2025-0728.
Published: 2025-04-06T18:50:42.764Z
Updated: 2025-04-15T16:03:10.402Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-0728 |
vulnerable | 2026-06-03 14:58:32.733313 |
Eclipse ThreadX NetX Duo HTTP server single PUT request integer underflow
In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before
version 6.4.2, an attacker can cause an integer underflow and a
subsequent denial of service by writing a very large file, by specially
crafted packets with Content-Length smaller than the data request size. A
possible workaround is to disable HTTP PUT support.
Published: 2025-02-21T08:16:16.029Z
Updated: 2025-02-21T14:12:36.893Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-0727 |
vulnerable | 2026-06-03 14:58:32.732835 |
Eclipse ThreadX NetX Duo HTTP server single PUT request integer underflow
In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before
version 6.4.2, an attacker can cause an integer underflow and a
subsequent denial of service by writing a very large file, by specially
crafted packets with Content-Length in one packet smaller than the data
request size of the other packet. A possible workaround is to disable
HTTP PUT support.
Published: 2025-02-21T08:19:11.412Z
Updated: 2025-02-21T15:34:39.515Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-0726 |
vulnerable | 2026-06-03 14:58:32.731594 |
Eclipse ThreadX NetX Duo HTTP server denial of service
In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before
version 6.4.2, an attacker can cause a denial of service by specially
crafted packets. The core issue is missing closing of a file in case of
an error condition, resulting in the 404 error for each further file
request. Users can work-around the issue by disabling the PUT request
support.
Published: 2025-02-21T08:12:11.703Z
Updated: 2025-02-21T14:17:39.802Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-2452 |
vulnerable | 2026-06-03 14:55:29.284398 |
Integer wraparound, under-allocation, and heap buffer overflow in Eclipse ThreadX NetX Duo __portable_aligned_alloc()
HIGH (7)
In Eclipse ThreadX NetX Duo before 6.4.0, if an attacker can control
parameters of __portable_aligned_alloc() could cause an integer
wrap-around and an allocation smaller than expected. This could cause
subsequent heap buffer overflows.
Published: 2024-03-26T15:43:36.233Z
Updated: 2025-02-13T17:40:10.101Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-2214 |
vulnerable | 2026-06-03 14:55:28.739572 |
Missing array size check in _Mtxinit() in the Xtensa port
HIGH (7)
In Eclipse ThreadX before version 6.4.0, the _Mtxinit() function in the
Xtensa port was missing an array size check causing a memory overwrite.
The affected file was ports/xtensa/xcc/src/tx_clib_lock.c
Published: 2024-03-26T15:48:36.304Z
Updated: 2025-02-13T17:33:31.114Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-2212 |
vulnerable | 2026-06-03 14:55:28.737861 |
Integer wraparounds, under-allocations, and heap buffer overflows in Eclipse ThreadX xQueueCreate() and xQueueCreateSet()
HIGH (7.3)
In Eclipse ThreadX before 6.4.0, xQueueCreate() and xQueueCreateSet()
functions from the FreeRTOS compatibility API
(utility/rtos_compatibility_layers/FreeRTOS/tx_freertos.c) were missing
parameter checks. This could lead to integer wraparound,
under-allocations and heap buffer overflows.
Published: 2024-03-26T15:58:27.486Z
Updated: 2025-02-13T17:33:30.356Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.