Integer Underflow (Wrap or Wraparound) Affecting eclipse-threadx/netxduo package, versions [,6.4.2)


Severity

Recommended
0.0
medium
0
10

CVSS assessment made by Snyk's Security Team. Learn more

Threat Intelligence

EPSS
0.04% (12th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-UNMANAGED-ECLIPSETHREADXNETXDUO-8744678
  • published24 Feb 2025
  • disclosed21 Feb 2025
  • creditKelly Patterson

Introduced: 21 Feb 2025

CVE-2025-0727  (opens in a new tab)
CWE-191  (opens in a new tab)

How to fix?

Upgrade eclipse-threadx/netxduo to version 6.4.2 or higher.

Overview

Affected versions of this package are vulnerable to Integer Underflow (Wrap or Wraparound) due to an integer underflow in the HTTP server's PUT request handling, if the Content-Length header specifies a length smaller than the actual data sent.

References

CVSS Base Scores

version 4.0
version 3.1