Summary
An integer underflow vulnerability exists in the HTTP server PUT request functionality of Eclipse ThreadX NetX Duo git commit 6c8e9d1. A specially crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability.
Confirmed Vulnerable Versions
The versions below were either tested or verified to be vulnerable by Talos or confirmed to be vulnerable by the vendor.
Eclipse ThreadX NetX Duo git commit 6c8e9d1
Product URLs
Eclipse ThreadX NetX Duo - https://github.com/eclipse-threadx/netxduo
Details
Eclipse ThreadX NetX Duo is an industrial-grade TCP/IP network stack tailored specifically for deeply embedded real-time and IoT applications. It offers a dual network stack supporting both IPv4 and IPv6
When processing an HTTP PUT request it is possible to cause an integer underflow condition which could result in a very large file to be written to the file system. This could cause a denial of service by consuming all of the file system resources. This vulnerability affects both HTTP server implementations within NetX Duo.
This is the same issue as reported in GHSA-hqp7-4q26-6wqf
The fix in c78d650 was incomplete and did not include the Component HTTP server. The complete fix is in fb3195b
NetX Duo Component HTTP Server
This vulnerability affects the NetX Duo Component HTTP Server implementation which can be found in netxduo\addons\http\nxd_http_server.c
Mitigation
Developers can disable the processing of PUT requests by ending the processing of a PUT request in an application callback request notify function.
Credit
Discovered by Kelly Patterson of Cisco Talos.
Summary
An integer underflow vulnerability exists in the HTTP server PUT request functionality of Eclipse ThreadX NetX Duo git commit 6c8e9d1. A specially crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability.
Confirmed Vulnerable Versions
The versions below were either tested or verified to be vulnerable by Talos or confirmed to be vulnerable by the vendor.
Eclipse ThreadX NetX Duo git commit 6c8e9d1
Product URLs
Eclipse ThreadX NetX Duo - https://github.com/eclipse-threadx/netxduo
Details
Eclipse ThreadX NetX Duo is an industrial-grade TCP/IP network stack tailored specifically for deeply embedded real-time and IoT applications. It offers a dual network stack supporting both IPv4 and IPv6
When processing an HTTP PUT request it is possible to cause an integer underflow condition which could result in a very large file to be written to the file system. This could cause a denial of service by consuming all of the file system resources. This vulnerability affects both HTTP server implementations within NetX Duo.
This is the same issue as reported in GHSA-hqp7-4q26-6wqf
The fix in c78d650 was incomplete and did not include the Component HTTP server. The complete fix is in fb3195b
NetX Duo Component HTTP Server
This vulnerability affects the NetX Duo Component HTTP Server implementation which can be found in netxduo\addons\http\nxd_http_server.c
Mitigation
Developers can disable the processing of PUT requests by ending the processing of a PUT request in an application callback request notify function.
Credit
Discovered by Kelly Patterson of Cisco Talos.