eclipse-threadx.netxduo is vulnerable to Denial of Service (DoS)
65
Medium Risk
Affected versions of Eclipse ThreadX NetX Duo contain a denial-of-service (DoS) weakness in how ICMPv6 PACKET_TOO_BIG events are handled. When processing such a message, the stack may fail to trigger the neighbor discovery (ND) resend logic it needs, which can lead to improper handling of network conditions and cause the system to become unresponsive under certain malformed or high-load IPv6 traffic patterns. The patch ensures that when a new ND cache entry is created during PACKET_TOO_BIG processing, an ND request is sent and the retry state is initialized, so the protocol does not stall and the DoS condition is mitigated.
You are affected if you are using a version that falls within the vulnerable range.
eclipse-threadx.netxduo is vulnerable to Denial of Service (DoS) in versions 6.0.0 - 6.4.4.
Upgrade the eclipse-threadx.netxduo library to the patched version.
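For vendored or embedded copies of the stack that no package manager tracks, the range above can be checked against the source tree itself. The script below is an added example, not part of the advisory or the NetX Duo project. It assumes the tree's `nx_api.h` defines `NETXDUO_MAJOR_VERSION`, `NETXDUO_MINOR_VERSION` and `NETXDUO_PATCH_VERSION`, and it reports `unknown` when they are missing; the sample header text is constructed.

```python
import re
import sys

# Affected range as stated in the advisory: 6.0.0 - 6.4.4 (inclusive).
AFFECTED_MIN = (6, 0, 0)
AFFECTED_MAX = (6, 4, 4)

# Matches active "#define NETXDUO_<PART>_VERSION <n>" lines only;
# a define behind a "//" comment does not start with '#' and is skipped.
_MACRO = re.compile(
    r"^[ \t]*#[ \t]*define[ \t]+NETXDUO_(MAJOR|MINOR|PATCH)_VERSION[ \t]+(\d+)",
    re.MULTILINE,
)


def parse_version(header_text):
    """Return (major, minor, patch) from nx_api.h text, or None if incomplete."""
    found = {name: int(value) for name, value in _MACRO.findall(header_text)}
    if set(found) != {"MAJOR", "MINOR", "PATCH"}:
        return None
    return (found["MAJOR"], found["MINOR"], found["PATCH"])


def classify(header_text):
    """Return 'affected', 'not-affected' or 'unknown' for one header."""
    version = parse_version(header_text)
    if version is None:
        return "unknown"  # macros missing: inspect this tree by hand
    in_range = AFFECTED_MIN <= version <= AFFECTED_MAX
    return "affected" if in_range else "not-affected"


# Constructed header excerpt, not copied from any release.
SAMPLE_IN_RANGE = """
#define NETXDUO_MAJOR_VERSION        6
#define NETXDUO_MINOR_VERSION        4
#define NETXDUO_PATCH_VERSION        1
"""

if __name__ == "__main__":
    # Usage: pass one or more nx_api.h paths; with none, run the sample.
    if len(sys.argv) == 1:
        print("sample:", classify(SAMPLE_IN_RANGE))
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8", errors="replace") as fh:
            print(path, classify(fh.read()))
```

A result of `affected` only means the version macros fall inside the advisory's range; a tree with a backported fix would still report `affected` and needs manual review.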